[267] in Intrusion Detection Systems
no subject (file transmission)
daemon@ATHENA.MIT.EDU (Dr. Frederick B. Cohen)
Thu Jun 15 15:21:00 1995
From: fc@all.net (Dr. Frederick B. Cohen)
To: ids@uow.edu.au
Date: Tue, 13 Jun 1995 13:24:50 -0400 (EDT)
Reply-To: ids@uow.edu.au

We found the first configuration error in the secure http daemon/gopher
daemons and thought we would let everyone know about it.

The error is that if /bin/sh is world executable in the Setuid area, the
outsider can get a shell in the setuid area as the W3 user. This goes
for any executable placed in the setUID area (as is the intent of the
function). There are two solutions.

1: don't make the shell world readable in the setUID area
2: get the new version of the server software that doesn't do
   the unnecessary function.

Since the get-only functions do not require execution (it was a nice
feature that someday might have expanded to allow FORMS), the latter is
the safer solution.
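
An audit for the misconfiguration described in the message above, as an added example that is not part of the original post or of the server software it discusses: it walks a directory and reports every regular file that "other" users may execute. The function names and the sample tree built in demo() are assumptions made for illustration.

```python
import os
import stat
import tempfile


def audit_exec_area(root):
    """List regular files under root that any user ('other') may execute.

    Returns sorted (relative_path, octal_mode, also_world_readable) tuples.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # symlinked dirs are not followed
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the entry itself, not a link target
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            if st.st_mode & stat.S_IXOTH:
                mode = format(stat.S_IMODE(st.st_mode), "04o")
                findings.append((os.path.relpath(path, root), mode,
                                 bool(st.st_mode & stat.S_IROTH)))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (not taken from any real server)."""
    layout = {"bin/sh": 0o755, "bin/helper": 0o750, "docs/index.html": 0o644}
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("placeholder\n")
            os.chmod(path, mode)  # chmod is not affected by the umask
        return audit_exec_area(root)


if __name__ == "__main__":
    for rel, mode, readable in demo():
        print(f"{mode} {rel} world-readable={readable}")
```

Pointing audit_exec_area() at the directory a server executes from lists each file whose permissions need tightening; an empty result means nothing in that tree is executable by "other".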