I agree that SUID security is something very important
with shell accounts.
It's a bit of a scare tatic to have members of this
board running a SUID check across their whole mounts.
Guys if you're not running shell accounts for anyone
other than yourselves, and you're running the latest
patched ssh, now aren't we???
find /your/web/root -perm 4000 -print
Now every cgi that pops up on the screen... have you
gone line by line through the source yourself to know
what it does and have you checked bugtraq to see
if anything you didn't write yourself has known buffer
overflow.
Skitzoe, I'm not saying a security audit is a bad idea.
ANYONE running linux (and full installed FreeBSD when
they only need web services) should run a security
audit and have a full printed report on hand for ease
of tracking a hacker.
...but if you're going to tell webmasters that
/games/trek is threat to paysite ...well then you
shouldn't be doing security audit sales.
