[8465] in bugtraq
Making xlock setuid root
daemon@ATHENA.MIT.EDU (Stefan Rompf)
Mon Nov 9 17:05:43 1998
Date: Fri, 6 Nov 1998 10:18:51 +0100
Reply-To: Stefan Rompf <srompf@TELEMATION.DE>
From: Stefan Rompf <srompf@TELEMATION.DE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.GSO.3.96.981105023535.20348A-100000@ug>
At 02:41 05.11.98 -0400, Aaron Campbell wrote:
>It's hard to tell how serious this is, but I'm sure it could be harmful in
>some situations/environments. At any rate, a bug that should definitely be
>fixed, especially since xlock is normally set-user-ID root.
Instead of making xlock and other programs that need access to /etc/shadow
setuid root, you can create a group named shadow, allow this group to read
the shadow file and make all those programs setgid shadow. So if someone
finds an exploit, all he can get is the shadow password file instead of
immediate root access.
This is nothing really new, I've tried it with xlock the first time in
1995, so I cannot understand why Unix distributions still ship with the
program setuid to root.
cu.. Stefan
+--------------------------------------------------------------+
| Customer: I'm using Windows '95. Hotline: Ok, got that one. |
| Customer: It's not working. Hotline: You already said that. |
+--------------------------------------------------------------+
