[3679] in WWW Security List Archive
Re: Hole: nobody shell
daemon@ATHENA.MIT.EDU (Bojan Zdrnja)
Wed Dec 4 06:00:12 1996
In-Reply-To: <3.0.32.19961203125212.00b4ad84@best.com> from Daniel Smith at "Dec 3, 96 12:53:02 pm"
To: www-security@ns2.rutgers.edu
Date: Wed, 4 Dec 1996 09:56:07 +0100 (MET)
From: bzdrnja@zems.fer.hr (Bojan Zdrnja)
Reply-To: bzdrnja@zems.fer.hr
Errors-To: owner-www-security@ns2.rutgers.edu
[]>
[]>on the part of users: use "xhost(1)" to limit where your Xserver
[]>will accept connections. This has been discussed elsewhere, and
[]>is only as good of a solution as the sophistication of the user
[]>(or their sysadmin). Caveat User.
This will prevent user from opening Xterm, but hole with nobody still exist.
A user with access to your cgi-bin can write a simple script which will just
copy /bin/sh to /tmp and will do a setuid on it. So, you'll have /tmp/sh
which is setuid nobody giving him (and other users that access).
Any suggestions for that ?
Regards, Bojan
--
E-mail: bzdrnja@zems.fer.hr (world address)
WHERE DREAMS COME TRUE | URL: | System
AND MUSIC NEVER STOPS | http://fly.cc.fer.hr/~ld/ | Administrator
