[10126] in bugtraq
Re: Digital Unix 4.0E /var permission
daemon@ATHENA.MIT.EDU (Harhalakis Stefanos)
Wed Apr  7 16:04:30 1999
Date: 	Wed, 7 Apr 1999 02:56:40 +0200
Reply-To: Harhalakis Stefanos <v13@AETOS.IT.TEITHE.GR>
From: Harhalakis Stefanos <v13@AETOS.IT.TEITHE.GR>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.4.02.9904061008440.378-100000@broken.allied.org>
 I don't think that having more than one 'root password' is secure.
If you want someone to have root privileges give him the root password.
In any other case you want him to not be able to become root..
 For the xlogin.. I did not say anything different than yours.. Anyway
As far as I remember in clogin there is an if that looks if you want cde
or xdm. If cde is selected, then one of the programs/scripts that is
executed is changing the permissions. This is NOT from the OS, but from
the window manager... I don't think that CDE may judge whether or not /var
needs g+w, unless it really needs this...
I thought that the way the scripts are called and the link-stuff
was not relative and was known.... Nothing new there..
And one more thing.. If you decide to use a different partition
for /var, then it is not a symlink to /usr/var, but /usr/var is
a symlink to /var.. (This was our case)
<<V13>>
p.s. In the original mail I wrote /var/sbin.... which was a mistake..
On Tue, 6 Apr 1999, implosion wrote:
> 	First of all, under Digital UNIX, the system group is the group that is
> 'pseudo-root', i.e. have near root privileges and are allowed to su into
> root.  /var, which under a default install, is a sym-link to /usr/var,
> contains all of the system accounting files, LSM, and other system
> specific files that all System Administrators would need to run their
> system.  So, it is only logical that system have write permissions to that
> directory.
> 	Also, one should note that any system administrator should (and
> would, I would hope), only put _secure_ accounts in the system group, i.e.
> any account that is going to utilize a safe password and those accounts
> are not going to have set-uid or gid executables attached to them.
> 	One more note:  as an ls -la of /sbin/rc3.d would show you,
> S95xlogin is only a sym-link to /sbin/init.d/xlogin.  The S95 is there so
> when init comes up to run level 3, it will start (the  S tells it that),
> and the 95 is placed there to put it in order - you add a numeric number
> to the front of the executable, so when the rc3 script processes
> /sbin/rc3.d, it gets launched after certain daemons and programs that need
> to be running in order for it to start. To the best of my knowledge,
> xlogin isn't doing anything to the /var permissions.
>
> -Implosion
>
>
>  On Sun, 4 Apr 1999, Harhalakis Stefanos wrote:
>
> >  On Digital Unix 4.0E with the latest patch kit applied, after a new
> > installation /var has g+w for group system. Anyone that can crack any
> > account with gid==system may exploit this (not tested but there should be
> > no problem with mv'ing /var/sbin, /var/adm etc etc..). It seems that CDE
> > is forcing g+w to /var.. The whole thing is done while executing
> > /sbin/rc3.d/S95xlogin and only if CDE is selected.
> >
> > <<V13>>
> >
>
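
An added example, not part of either poster's messages: a POSIX shell check for the condition the thread debates, a /var that is group-writable once the symlink between /var and /usr/var (in either direction) is followed. The function names, the OK/STICKY/GROUP-WRITABLE labels and the sample tree are assumptions made for this example; the sticky-bit case is reported separately because it prevents group members from renaming entries they do not own.

```shell
#!/bin/sh
# Added example: report whether a directory is group-writable after following
# symlinks, as with /var -> /usr/var or /usr/var -> /var.
# Function names and output labels are hypothetical, chosen for this example.

audit_group_write() {
    dir=$1
    # Resolve to the physical directory so a symlinked /var is judged at its target.
    real=$(CDPATH= cd -P "$dir" >/dev/null 2>&1 && pwd -P) || {
        echo "ERROR path=$dir"; return 2; }
    # ls -ld prints e.g. "drwxrwxr-x 2 root system ..."; field 1 = mode, field 4 = group.
    set -- $(ls -ld -- "$real")
    mode=$1 group=$4
    gw=$(printf '%s' "$mode" | cut -c6)       # group write bit
    sticky=$(printf '%s' "$mode" | cut -c10)  # t or T means the sticky bit is set
    if [ "$gw" != "w" ]; then
        echo "OK group=$group mode=$mode path=$real"; return 0
    fi
    case $sticky in
        # Group can create entries but cannot rename or remove entries it does not own.
        t|T) echo "STICKY group=$group mode=$mode path=$real"; return 0 ;;
    esac
    # Group members can rename or replace any entry, e.g. the adm subdirectory.
    echo "GROUP-WRITABLE group=$group mode=$mode path=$real"
    return 1
}

# Constructed sample tree: usr/var with mode 775 and var as a symlink to it.
build_sample() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/var/adm" && chmod 775 "$t/usr/var" && ln -s usr/var "$t/var"
    echo "$t"
}

if [ "${1:-}" = "--demo" ]; then
    t=$(build_sample)
    audit_group_write "$t/var"
    rm -rf "$t"
fi
```

On a live system the call would be `audit_group_write /var`; exit status 1 means the resolved directory is group-writable without the sticky bit.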