[2393] in linux-security and linux-alert archive
[linux-security] Re: rh62 suid files
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Fri Jul 28 08:17:04 2000
Date: Fri, 28 Jul 2000 12:54:49 +0200
From: Olaf Kirch <okir@caldera.de>
To: Leos Bitto <leos@staff.globopolis.com>
Cc: Martin Macok <martin.macok@underground.cz>, linux-security@redhat.com
Message-ID: <20000728125449.A28945@monad.swb.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <Pine.LNX.4.21.0007281036560.5380-100000@server.office.globopolis.com>; from leos@staff.globopolis.com on Fri, Jul 28, 2000 at 10:47:34AM +0200
Resent-From: linux-security@redhat.com

On Fri, Jul 28, 2000 at 10:47:34AM +0200, Leos Bitto wrote:
> > Why does RH6.2 ship with /sbin/dump & /sbin/restore root setuid? These
> > are for sysadmins, not for regular users I hope.

dump and restore are security disasters waiting to happen. I wonder why
they resurrected the s bits; previous RH versions didn't have them IIRC.

> /usr/libexec/pt_chown is being used for example by my favorite xterm
> clone, gnome-terminal. Every xterm-alike application needs to chown your
> tty. I think that doing it via a small wrapper (pt_chown) is a much better
> way than giving suid bit to that whole application.

As Martin already pointed out, any reasonably up-to-date kernel supports
devpts, so there's no _need_ to chown the pty anymore as the kernel does it
for you. Using devpts does require patching the application though; not
sure what gnome-terminal does.

FWIW, when I looked into pt_chown about a year ago it did have a problem.
I don't recall exactly what it was but I think the problem was that
it didn't check that the tty you gave it was open for writing _and_ reading.
So if you broke group tty, you could chown anybody's tty as long as it
was set to mesg y.

Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
okir@caldera.de +-------------------- Why Not?! -----------------------
UNIX, n.: Spanish manufacturer of fire extinguishers.
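
Added example (not part of the original message, and not pt_chown's source): one way a privileged helper can make the check the message describes, that the descriptor it was handed is open for both reading and writing, before it changes any ownership. The function and enum names are hypothetical, and /dev/null stands in for a tty so the code runs on any system.

```c
/* Added example: validate an inherited descriptor before a privileged
 * helper acts on it. Not pt_chown source; all names are hypothetical. */
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

enum fd_verdict {
    FD_OK = 0,           /* character device, opened O_RDWR by the caller */
    FD_BAD = -1,         /* not an open descriptor */
    FD_NOT_CHARDEV = -2, /* not a character device, so not a terminal */
    FD_NOT_RDWR = -3     /* caller holds it read-only or write-only */
};

/* Decide from the descriptor itself, never from a path name: the access
 * mode recorded at open() time shows what the kernel already allowed
 * the caller to do with the device. */
enum fd_verdict check_inherited_tty_fd(int fd)
{
    struct stat st;
    int flags = fcntl(fd, F_GETFL);

    if (flags == -1 || fstat(fd, &st) == -1)
        return FD_BAD;
    if (!S_ISCHR(st.st_mode))
        return FD_NOT_CHARDEV;
    /* "mesg y" sets the group write bit, so a member of group tty can
     * open another user's tty write-only. Require read and write. */
    if ((flags & O_ACCMODE) != O_RDWR)
        return FD_NOT_RDWR;
    return FD_OK;
}

/* Demonstration helper: open path with oflags, run the check, close. */
enum fd_verdict check_path_opened_as(const char *path, int oflags)
{
    int fd = open(path, oflags);
    enum fd_verdict v = check_inherited_tty_fd(fd);

    if (fd >= 0)
        close(fd);
    return v;
}

int main(void)
{
    /* /dev/null is a stand-in character device, not a real tty. */
    return check_path_opened_as("/dev/null", O_RDWR) == FD_OK ? 0 : 1;
}
```

A real helper would run this check on the descriptor it inherited and refuse to continue on anything other than FD_OK.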