> > In message <9409212345.AA24268@gsms01.alcatel.oz.au> you write: > > I have just noticed that SunOS 4.1.x has not fixed the setuid script > > problem. I can't see a solution on SunSolve and Sun Support are not > > helpful. Can anyone advise me of the procedure to fix this bug? > > The best solution is to make sure you don't have suid shell scripts > Cops does a fine job in finding them for you so does: > > find / \( -type d -fstype nfs -prune \) -o -type f \( -perm -4001 -o -perm > -4010 -o -perm -4100 -o -perm -2100 -o -perm -2010 -o -perm -2001 \) > > If I remeber correctly SunOS 4.1.x is just one of those UNIX systems that > allows suid shell scripts. I don't think this will be 'fixed'. > But you can always try to mail security-alert@Sun.COM. > > Of course you can always mount your filesystems `nosuid'. Colin