Hi all,
[somehow this didn't make it to the list yesterday, maybe the
attachment was too large. I'm sending it again, this time as
bzip2, so apologies if you receive this twice.]
I wanted to look through an up-to-date list of files in unstable
with setuid and setgid flags yesterday and noticed the lintian
lab on gluck already includes index files of all binary packages.
It turned out quite easy to extract from those:
setuid binaries: 175 (of those all but 18 are setuid root)
setgid binaries: 163 (none setgid root)
local root vulns found after quick inspection: 2 :-/
If others find this useful, it might be an idea to turn this into
a cronjob and export it somewhere on people.d.o. We would need
check with the lintian maintainers if accessing the lab directly
can cause problems for the lintian cronjobs though.
cheers,
Max
lab-priv-2006-05-05.bz2
Description: Binary data
_______________________________________________
Debian-audit mailing list
Debian-audit@xxxxxxxxxxxxx
http://shellcode.org/mailman/listinfo/debian-audit
| 
