Subject: CVS commit: pkgsrc/misc/kdeutils2
To: None <pkgsrc-changes@netbsd.org>
From: Nick Hudson <skrll@netbsd.org>
List: pkgsrc-changes
Date: 11/10/2001 21:43:34
Module Name: pkgsrc
Committed By: skrll
Date: Sat Nov 10 19:43:33 UTC 2001
Modified Files:
pkgsrc/misc/kdeutils2: Makefile
Log Message:
Don't install efax setuid root.
From the email to kde-announce:
The program "efax" which is distributed as part of the klprfax program in the
kdeutils module poses a security risk when installed suid. "efax" has been
part of KDE 2.2 and KDE 2.2.1 and is installed suid by default.
Scope: a local user can gain root privileges by exploiting a bug in "efax".
Solution: Remove the suid bit from the "efax" executable. This can be done
with the following command:
    chmod -s `locate bin/efax`
"efax" will continue to work as before as long as users have sufficient rights
to create lock files in the system lock directory (like /var/lock) and
sufficient rights to open the modem device.
To generate a diff of this commit:
    cvs rdiff -r1.5 -r1.6 pkgsrc/misc/kdeutils2/Makefile
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
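
Added example, not part of the commit or of the KDE announcement: the quoted command relies on the locate database, which can be stale and also matches any path merely containing "bin/efax". The sketch below checks the filesystem directly with find, clears the bits only on files named exactly efax, and re-checks afterwards. The function names and the EFAX_ROOT variable are assumptions made for illustration.

```shell
#!/bin/sh
# Audit and clear set-id bits on efax binaries (added example).
# Function names and EFAX_ROOT are hypothetical, chosen for this sketch.

# Print every regular file named exactly "efax" under $1 that still
# carries the setuid (4000) or setgid (2000) bit.
list_setid_efax() {
    find "$1" -xdev -type f -name efax \
        \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Clear both bits on every match, then print how many matches remain.
# A result of 0 means the remediation took effect under $1.
strip_setid_efax() {
    find "$1" -xdev -type f -name efax \
        \( -perm -4000 -o -perm -2000 \) -exec chmod u-s,g-s {} +
    list_setid_efax "$1" | wc -l | tr -d ' '
}

# Runs only when EFAX_ROOT is set, e.g. to the package install prefix.
if [ -n "${EFAX_ROOT:-}" ]; then
    echo "set-id efax binaries before:"
    list_setid_efax "$EFAX_ROOT"
    echo "remaining after chmod: $(strip_setid_efax "$EFAX_ROOT")"
fi
```

Run it as a user allowed to change the file mode (normally root), once per prefix where KDE may have been installed.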