[1603] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Security Concern..

daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Tue Sep 16 13:05:36 1997

From: "Alexander O. Yuriev" <alex@yuriev.com>
To: gustavo@molina.com.br
cc: SERVER-LINUX@NETSPACE.ORG, linux-security@redhat.com
In-reply-to: Your message of "Tue, 16 Sep 97 15:06:58 GMT."
             <341e972b.276557@virtual.weba.com> 
Date: Tue, 16 Sep 97 12:52:19 -0400
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


[Mod: This message is a reason *why* linux-security is moderated list. This
is also a reason why Rogier, myself, Alan Cox and others really do not want
to have completely open lists that deal with security related aspects of
running a system as way too many people just jump to conclusions and give
suggestions without doing any reasearch on a subject. -- alex (co-moderator
of linux-{security|alert}@redhat.com)]

Your message dated: Tue, 16 Sep 97 15:06:58 GMT
> On Tue, 16 Sep 1997 09:50:08 -0400, pstewart <pstewart@ONCOMDIS.ON.CA> wrote:
> 
> Well, first of all, as a general rule chmod -s all files except those that
> *really* need it... And you really need in your system.
> 
> >-rwsr-x---   1 root     floppy      18300 Jul  5  1996 /usr/bin/fdmount
> Do you use fd a lot ?

Huh? It can be only executed frmo a group floppy.

> 
> >-rwxr-sr-x   1 root     uucp       117101 Dec 11  1995 /usr/bin/minicom
> you can chmod -s it most of the times

This is sgid executable, not suid. In order to create a lock file you better
have it.


> >-rwsr-xr-x   1 root     bin         17196 May 22  1996 /usr/bin/a /usr/bin/a
> t
> there are some exploits for it. I suggest you chmod -s it.

Silly advice. There were some exploits of atrun about 2 *years* ago.

> 
> >-rws--x--x   1 root     bin          9236 May 22  1996 /usr/bin/crontab
> same as above

And lose all functionality? Nice comment.
 
> 
> >-rws--x--x   1 root     bin         39416 May 22  1996 /usr/bin/splitvt
> Uh, I don't know what's that for. Chmod -s it and see if you have any adverse
> reaction.
> 
> >-rwsr-xr-x   1 root     root        12224 Oct  9  1996 /usr/bin/chsh/usr/bin
> /chsh
> chmod -s this too.

and lose ability to change shells... silly.

> >-rwsr-xr-x   1 root     root        13292 Oct  9  1996 /usr/bin/chfn
> Why not ? Let's be on the safe side. chmod -s

same as above.

> 
> >-rwsr-xr-x   1 root     root        20460 Oct  9  1996 /usr/bin/chage
> I also don't have this one. What's that for ?

changes age info in shadow file

> 
> >-r-xr-sr-x   1 root     tty          7140 Jun  2  1996 /usr/bin/write
> There are some ways to screw other users connection w/ write. For example, im
> age
> someone does: cat /dev/urandom|write <someone> ... Or instead of /dev/urandom
>  he
> uses /dev/zero or even some huge file... The other user HAS to disconnect.


wrong answer - this is sgid program i.e. mesg n will fix it

> 
> >-rws--x--x   1 root     bin        405148 Jun 28  1996 /usr/bin/sperl5.003
> Easily exploitable. chmod -s ASAP.


wrong again. depends on which version it is.
 
> >-rwsr-sr-x   1 root     mail        51448 Jun 15 01:14 /usr/bin/procmail
> my procmail is -s.

If it is used as a local mail delivery agent, it should be suid

> 
> >-rwxr-sr-x   1 root     mail         8552 Jun 15 01:14 /usr/bin/lockfile
> I also chmoded -s this one

why>

> 
> >-rwsr-xr-x   1 root     bin         13937 Dec  5  1995 /usr/bin/rcp
> and also this one

losing rcp functionality.

> 
> >-rwsr-xr-x   1 root     bin          9516 Dec  5  1995 /usr/bin/rlogin
> I chmoded 700 it. There are some dangers.


That breaks the protocol. It was fixed long time ago

> >-r-sr-xr-x   1 root     bin          6856 Dec  5  1995 /usr/bin/rsh
> This one's also chmoded 700.

Breaks the protocol.

> >-r-sr-xr-x   1 root     bin          8980 Dec  5  1995 /usr/bin/traceroute
> Leave this this way, otherwise it doesn't work

First reasonable comment

> 
> >-rwsr-xr-x   1 root     bin         31304 Jun  2  1996 /bin/mount
> >-rwsr-xr-x   1 root     bin         17168 Jun  2  1996 /bin/umount
> Easily explotable. chmod 700.

Incorrect. Install fixes.

> >-rws--x--x   1 root     root        54428 Oct  9  1996 /bin/diplogin
> >-rws--x--x   1 root     bin         54428 Aug 14  1996 /sbin/dip-3.3.7o
> Dip has some bugs... chmod -s it.

Install fixes.


Alex


-----------------------------------------------------------------------------
Alex "Mr. Worf" Yuriev         Nationwide ISP Bandwidth:  [www.netaxs.net   ]
Net Access                     Outsourced News Reading:   [www.newsread.com ]
alex@{netaxs.com|yuriev.com}   Outsourced Shell Accounts: [shellaccounts.com]
   RIP is irrelevant. Spoofing is futile. Your routes will be aggregated.
-----------------------------------------------------------------------------


home help back first fref pref prev next nref lref last post