[1727] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] bug in su (Slackware 3.4)

daemon@ATHENA.MIT.EDU (Peter van Dijk)
Sun Mar 22 05:38:11 1998

Date: 	Sun, 15 Mar 1998 18:32:26 +0100
Reply-To: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
To: BUGTRAQ@NETSPACE.ORG
Resent-From: linux-security@redhat.com

If sulog file logging is enabled in /etc/login.defs (shadowing installed!)
and su has never been used, a user can set his umask to 0 and then run su.
/var/log/sulog will then be created mode 666, which means user can use su
to try lots of passwords and then, when done, do something like
cat /dev/null > /var/log/sulog
and clear out the logfile.
Same goes for sudo.
Note: everything will still be logged in syslog (unless disabled!)

Greetz, Peter.

------------------------------------------------------------------------------
 'Selfishness and separation have led me to   .      Peter 'Hardbeat' van Dijk
  to believe that the world is not my problem .    network security consultant
  I am the world. And you are the world.'     .               (yeah, right...)
          Live - 10.000 years (peace is now)  .        peter@attic.vuurwerk.nl
------------------------------------------------------------------------------
  6:25pm  up 1 day,  4:22,  5 users,  load average: 0.69, 0.22, 0.07
------------------------------------------------------------------------------

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post