[1292] in linux-security and linux-alert archive
[linux-security] setgid binaries
daemon@ATHENA.MIT.EDU (Andrew G. Morgan)
Thu Nov 14 17:13:46 1996
Old-X-Envelope-From: morgan@parc.power.net Thu Nov 14 02:40:18 1996
From: "Andrew G. Morgan" <morgan@parc.power.net>
To: linux-security@redhat.com (Linux Security)
Date: Wed, 13 Nov 1996 22:45:02 -0800 (PST)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
Hi,
I've been thinking about group membership and the corresponding (weak)
restrictions to system resources. Consider the following:
% cat > gsh.c
main()
{
system("/bin/sh");
}
% cc -o gsh gsh.c
% id
uid=100(joe) gid=500(users) groups=14(floppy),15(sound)
% chgrp sound gsh
% chmod g+s gsh
% mail abuser
Subject: You owe me $5...
Hi ab!
So the sysadmin stopped you using the sound card did he? Well
if you will give me the money you promised, I'll solve that!
.
The beauty of this is that once 'joe' has made this program he will always
have access to the sound card.. Even if the administrator tries to remove
him from the group too...
My problem with this is that the sys-admin is powerless to control the
allocation of groups on his system since the individual users have freedom
to share membership in this way. Is there a legitimate reason why users can
set programs to be setgid?
I'd like to hear people's comments.. Thanks.
[REW: There is NOTHING you can do to prevent people giving away the
access they have themselves. They can give their password away, and
for example the above trick can be used to give just their group access
away....]
Andrew
--
Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html
libpwdb: http://parc.power.net/morgan/libpwdb/index.html