[12411] in bugtraq


Re: Amanda multiple vendor local root compromises

daemon@ATHENA.MIT.EDU (Bill Fumerola)
Tue Nov 2 13:30:49 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <Pine.BSF.4.10.9911012225250.77091-100000@jade.chc-chimes.com>
Date:         Mon, 1 Nov 1999 22:30:40 -0500
Reply-To: Bill Fumerola <billf@CHC-CHIMES.COM>
From: Bill Fumerola <billf@CHC-CHIMES.COM>
X-To:         Chris Tobkin <tobkin@SOFTWARE.UMN.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.GSO.3.96.991101150733.23808x-100000@goblin.jaws.umn.edu>

On Mon, 1 Nov 1999, Chris Tobkin wrote:

> I doubt that this is OS specific in the installation, but all the installs
> of amanda I've seen (and have running here) have runtar suid root, but
> perm'd to 7450 (other can't exec it).  It may be part of the packages
> bundled with FreeBSD.. All of our builds are local compilations from
> source...  (In fact, all the suid binaries installed by a `make install`
> are perm'd o-rwx  and have a gid of sys or other) -- All I have for
> reference here are Solaris and AIX machines.. can anyone else confirm?

[hawk-billf] /home/billf/cvswork > ls -l /usr/local/libexec/amanda/runtar
-rwsr-xr-x  1 root  wheel  3915 Oct 29 07:46 /usr/local/libexec/amanda/runtar

I'm not speaking on behalf of FreeBSD: The FreeBSD port does just use amanda's
build scheme and doesn't circumvent it. It also passes to configure:
                --with-user=operator --with-group=operator

I'll look into this, and I've cc:'d the maintainer of the port and the
FreeBSD security officer.

--
- bill fumerola - billf@chc-chimes.com - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - bfumerol@computerhorizons.com - billf@FreeBSD.org  -
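
An added example, not part of the original message and not code from Amanda or the FreeBSD port: a POSIX shell check for the condition the two posts compare, a setuid file that "other" can execute. The function names are hypothetical; 4755 corresponds to the -rwsr-xr-x listing above, and 4750 is a constructed sample of a setuid mode with no access for other.

```shell
#!/bin/sh
# Added example: audit setuid files for execute access by "other".
# Function names are hypothetical, chosen for this illustration.

# classify_mode OCTAL
# Prints one of:
#   world-exec-setuid  setuid bit set and "other" may execute (e.g. 4755)
#   restricted-setuid  setuid bit set, "other" may not execute (e.g. 4750)
#   not-setuid         no setuid bit
#   invalid            argument is not an octal mode
classify_mode() {
    case "$1" in
        ''|*[!0-7]*) echo invalid; return 2 ;;
    esac
    mode=$((0$1))                      # leading 0 makes the shell read it as octal
    if [ $((mode & 04000)) -eq 0 ]; then
        echo not-setuid
    elif [ $((mode & 0001)) -ne 0 ]; then
        echo world-exec-setuid
    else
        echo restricted-setuid
    fi
}

# audit_dir DIR
# Prints every regular file under DIR that has BOTH the setuid bit and the
# other-execute bit set. "-perm -4001" matches only when all listed bits are on.
audit_dir() {
    find "$1" -type f -perm -4001 -print
}

# When run with a directory argument, report on it, for example:
#   sh audit.sh /usr/local/libexec/amanda
if [ "$#" -gt 0 ]; then
    audit_dir "$1"
fi
```

An empty result from audit_dir means no setuid file in that tree is executable by users outside the owning user and group.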
