[21095] in bugtraq
Re: pmpost - another nice symlink follower
daemon@ATHENA.MIT.EDU (Keith Owens)
Tue Jun 19 10:37:40 2001
From: Keith Owens <kaos@melbourne.sgi.com>
To: Paul Starzetz <paul@starzetz.de>
Cc: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>,
kaos@melbourne.sgi.com
In-Reply-To: Your message of "Mon, 18 Jun 2001 19:11:20 +0200."
<3B2E3638.F3E822E4@starzetz.de>
Date: Tue, 19 Jun 2001 18:29:40 +1000
Message-ID: <17400.992939380@kao2.melbourne.sgi.com>
On Mon, 18 Jun 2001 19:11:20 +0200,
Paul Starzetz <paul@starzetz.de> wrote:
>there is a symlink handling problem in the pcp suite from SGI. The
>binary pmpost will follow symlinks, if setuid root this leads to instant
>root compromise, as found on SuSE 7.1 (I doubt that this is a default SuSE
>package, though).
It would have been nice if you had informed SGI about this problem
before mailing to bugtraq.
As a temporary workaround, remove setuid from pmpost. Any PCP events
from pmie running as a user will not be logged; this is unlikely to be
a problem. A full patch will be available tomorrow, after it has been
reviewed.
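The class of bug discussed in this thread (a privileged program following a symlink at a path it writes to), shown from the defensive side as an added example. This is not pmpost's code or SGI's patch; the function names, temp directory and file names are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a log for append without following a symlink at the final path
 * component. O_NOFOLLOW does not cover parent directories, so the log
 * directory itself must not be writable by untrusted users. */
int open_log_nofollow(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW |
                        O_NONBLOCK | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;                  /* a symlink at path makes open fail */
    struct stat st;
    /* Check the object actually opened: regular file, no extra hard links. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed scenario in a fresh temp dir. With plant_symlink set, the log
 * path is a symlink to "victim". Returns 1 if the log was opened and written,
 * 0 if the open was refused, -2 if the symlink target got created. */
int demo(int plant_symlink)
{
    char dir[] = "/tmp/nofollow-demo-XXXXXX", log[64], victim[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(log, sizeof log, "%s/events.log", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (plant_symlink && symlink(victim, log) != 0) return -1;
    int fd = open_log_nofollow(log);
    int opened = fd >= 0;
    if (opened && write(fd, "event\n", 6) != 6) opened = 0;
    if (fd >= 0) close(fd);
    int victim_created = access(victim, F_OK) == 0;
    unlink(log); unlink(victim); rmdir(dir);
    return victim_created ? -2 : opened;
}

int main(void)
{
    printf("plain log path: %d, symlinked log path: %d\n", demo(0), demo(1));
    return 0;
}
```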