Show patches with: Series = Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle       |    Archived = No       |   20 patches
Patch Series A/R/T S/W/F Date Submitter Delegate State
[20/20] Core Update 157: Apply changed permissions to /srv/web/ipfire/cgi-bin/cachemgr.cgi Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[19/20] Squid: cachemgr.cgi does not have to be owned (hence writeable) by nobody Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[18/20] nagios-plugins: Prevent Nagios plugins from being owned by nobody Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[17/20] NRPE: Prevent NRPE binary from being owned by "nobody" Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[16/20] Core Update 157: Remove executable bit less ugly Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[15/20] Core Update 157: Apply changed permissions to /var/ipfire/ovpn/ovpn-leases.db Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[14/20] OpenVPN: ovpn-leases.db for sure does not have to be executable Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[13/20] Core Update 157: Apply changed permissions to /var/ipfire/updatexlrator/bin/ Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[12/20] Squid: Prevent binaries within /var/ipfire/updatexlrator/bin/ from being owned by nobody Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[11/20] Core Update 157: Apply changed permissions to /var/ipfire/urlfilter/bin/ Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[10/20] SquidGuard: Prevent binaries within /var/ipfire/urlfilter/bin/ from being owned by nobody Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[09/20] backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by nobody Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[08/20] Core Update 157: Ship changed iputils due to /usr/bin/ping changes Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[07/20] Core Update 157: /var/ipfire/fwhosts/icmp-types does not have to be executable Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[06/20] Core Update 157: Delete orphaned DMA mail box creation binary as well Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[05/20] DMA: do not ship a binary for creating mail boxes Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[04/20] Core Update 157: Delete ssh-keysign binary Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[03/20] /usr/bin/ping does not need a SUID bit if appropriate capabilities are set Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[02/20] Core Update 157: remove SUID bit from /usr/bin/gpg Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted
[01/20] GnuPG does not need to have a SUID bit set Prevent "nobody" from escalating privileges by using writeable binaries as a vehicle - - - --- 2021-05-17 Peter Müller Accepted