[297] in linux-security and linux-alert archive
Re: YAWTCQ
daemon@ATHENA.MIT.EDU (Thomas König)
Wed Jul 26 14:02:02 1995
To: joey@finlandia.Infodrom.North.DE (Martin Schulze)
Date: Sat, 22 Jul 1995 02:16:18 +0200 (MET DST)
Cc: Thomas.Koenig@ciw.uni-karlsruhe.de, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0sZMq8-000K8OC@finlandia.Infodrom.North.DE> from "Martin Schulze" at Jul 21, 95 08:30:24 pm
From: Thomas.Koenig@ciw.uni-karlsruhe.de (Thomas König)
> [ Speaking for at jobs, not for crontabs, just to avoid confusion ]
>
> Yes, but won't it be more secure to manage a database file containing
> the user, group and file to execute? Then the script might be owned by
> daemon.daemon or whatever, and you can't read it anymore.
This is certainly a possibility.
However, the at/atrun pair is already at the limits (IMHO) of
complexity for root-privileged programs. I wouldn't want to
add database routines, which probably add their own set of bugs
and problems.
Also, this would mean that anybody who cracks daemon will easily
be able to crack any user's account; with the current setup, I at
least took some care that this should not happen with the
current scheme. (If I overlooked something, please tell me :-)
> And if I think about cheating a possibly existing quota, does there
> exist a limitation in the length of at jobs? (haven't looked at the
> source)
I have to confess ignorance how the Linux quotas work, especially
as to which checks are performed at which time, and who gets charged
for quota after a chown on an open file. Can anybody shed light on
this?
> }It is no longer possible to edit at jobs there in newer versions;
> }as turned out recently, this was a very wise decision, because there
> }did indeed lurk a potential fatal security hole there.
>
> I do understand that.
The only exploitation I was aware of was fiddling with the username to
send unwanted options to sendmail. If anybody's aware of any other,
please tell.
> And it's also impossible to look at the script
> after installing it.
Adding this, I think, should not pose any risk. Check for matching
userid, open the file, drop all privileges, and copy the
file to standard output. No hole that I can see; consider it
on my TODO list.
--
Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
The joy of engineering is to find a straight line on a double
logarithmic diagram.