[1296] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Security hole in Debian 1.1 dosemu package

daemon@ATHENA.MIT.EDU (Hynek Med)
Sun Nov 17 19:14:24 1996

Old-X-Envelope-From: xmedh02@manes.vse.cz  Fri Nov 15 05:49:02 1996
Date: Fri, 15 Nov 1996 11:42:09 +0100 (MET)
From: Hynek Med <xmedh02@manes.vse.cz>
To: linux-security@redhat.com
In-Reply-To: <m0vNwwn-000SmHC@proton.pathname.com>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

On 14 Nov 1996, Daniel Quinlan wrote:

> In Debian 1.1, the optional DOSEMU package installs /usr/sbin/dos
> setuid root.  This is a serious security hole which can be exploited
> to gain access to any file on the system.

Dosemu, especially in older versions, has a lot of security holes
(remember the one with unix.com?). I doubt it can be made totally secure,
when it gives you direct control of hardware.. Putting someone to
dosemu.users is almost the same as giving him root access.

Hynek

[REW: I wasn't trivially able to reproduce this under Red Hat 3.0.3
(with patches for 2.0 kernel) and dosemu 
   "0.60.4.5 $Date: 1995/05/06 16:25:30"
Joshua Heling reports that Red Hat 4.0, dosemu 0.63.1 IS vulnerable.]

--
Hynek Med, xmedh02@manes.vse.cz


home help back first fref pref prev next nref lref last post