[3255] in bugtraq


Re: libresolv+ bug

daemon@ATHENA.MIT.EDU (John Macdonald)
Thu Aug 22 20:46:53 1996

Date: 	Thu, 22 Aug 1996 14:55:49 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: John Macdonald <jmm@elegant.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To:  <199608221256.WAA32109@godzilla.zeta.org.au> from "Nick Andrew"
              at Aug 22, 96 10:56:57 pm

Nick Andrew wrote :
|| Forwarding a message from Thomas Ptacek:
|| > The primary problem, as I see it, is not that SUID programs are being
|| > written poorly, or that the sensitivity of SUID programs is not being
|| > adequately dealt with by the operating system, or the compilers that
|| > produce the executable code; it's that SUID programs, as present in most
|| > modern Unix operating systems, are being written at all.

It is not setuid programs that are at fault; it is
setuid-to-root programs.  The setuid facility is a reasonable
low-level means for building encapsulated security programs, but
instead of designing a program to have its own id, too many
people just use root.  (uucp and lp are examples of program
suites that were designed to not need to run as root.)

|| The problems are orthogonal. Poorly written programs can still be
|| exploited through buffer overflows, stack corruption and the like.
|| The only difference is - if the program has no additional privileges
|| then the program can do nothing which the intruder couldn't do anyway.
||
|| The exceptions are if the program is running as a different user (e.g.
|| root) or group, or is running on a machine (or in an environment) in
|| which the intruder does not have privilege to execute code.
||
|| However, as soon as _any_ additional privilege is granted, the
|| same old vulnerabilities come back to haunt us. Additional privilege
|| implies that an intruder could abuse that privilege. It hurts so much
|| because "additional privilege" usually means root access.

However, if every different area of privilege runs as a
different account, then these vulnerabilities only expose the
facilities available to the program that has the bug, rather than
exposing the entire system.

--
Daddy didn't obey that traffic signal... | John Macdonald
the green arrow pointing straight up.    |   jmm@Elegant.COM
      Katrina Macdonald (4 years old)    |
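
The distinction drawn in this message, setuid to a dedicated account versus setuid-to-root, can be measured on a system. The following is an added example, not part of the original post: a small C audit that scans one directory and separates setuid-root executables from those setuid to another account. The names `classify` and `audit_dir` and the default directory `/usr/bin` are assumptions of this example.

```c
#define _XOPEN_SOURCE 700   /* for lstat() and the S_IF* constants */
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum priv_class { PRIV_NONE, PRIV_SGID_ONLY, PRIV_SUID_ACCOUNT, PRIV_SUID_ROOT };
/* Classify from an lstat() result; only executable regular files gain privilege. */
enum priv_class classify(const struct stat *st)
{
    if (!S_ISREG(st->st_mode) || !(st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return PRIV_NONE;
    if (st->st_mode & S_ISUID)
        return st->st_uid == 0 ? PRIV_SUID_ROOT : PRIV_SUID_ACCOUNT;
    return (st->st_mode & S_ISGID) ? PRIV_SGID_ONLY : PRIV_NONE;
}

/* Scan one directory (not recursive); returns entries examined, or -1 on error. */
int audit_dir(const char *dir, int tally[4])
{
    DIR *d = opendir(dir);
    struct dirent *e;
    struct stat st;
    char path[4096];
    int seen = 0;
    if (!d) return -1;
    memset(tally, 0, 4 * sizeof tally[0]);      /* tally[] is indexed by priv_class */
    while ((e = readdir(d)) != NULL) {
        int n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || n >= (int)sizeof path || lstat(path, &st) != 0)
            continue;                           /* skip over-long or vanished entries */
        enum priv_class c = classify(&st);
        tally[c]++;
        seen++;
        if (c == PRIV_SUID_ROOT || c == PRIV_SUID_ACCOUNT)
            printf("%s uid=%lu %s\n", c == PRIV_SUID_ROOT ? "ROOT" : "acct",
                   (unsigned long)st.st_uid, path);
    }
    closedir(d);
    return seen;
}

int main(int argc, char **argv)
{
    int tally[4];           /* the default directory is an assumption of this example */
    if (audit_dir(argc > 1 ? argv[1] : "/usr/bin", tally) < 0)
        return perror("opendir"), 1;
    printf("setuid-root=%d setuid-account=%d setgid-only=%d\n",
           tally[PRIV_SUID_ROOT], tally[PRIV_SUID_ACCOUNT], tally[PRIV_SGID_ONLY]);
    return 0;
}
```

Files reported as `acct` expose only what their owning account can reach if they contain a bug; files reported as `ROOT` expose the whole system.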
