Don't install efax setuid root.

From the email to kde-announce:

The program "efax" which is distributed as part of the klprfax program in the
kdeutils module poses a security risk when installed suid. "efax" has been
part of KDE 2.2 and KDE 2.2.1 and is installed suid by default.

Scope: a local user can gain root privileges by exploiting a bug in "efax".

Solution: Remove the suid bit from the "efax" executable. This can be done
with the following command:

         chmod -s `locate bin/efax`

"efax" will continue to work as before as long as users have sufficient rights
to create lock files in the system lock directory (like /var/lock) and
sufficient rights to open the modem device.

0 files changed, 0 insertions, 0 deletions