[9749] in bugtraq
Re: [HERT] Advisory #002 Buffer overflow in lsof
daemon@ATHENA.MIT.EDU (Lee Brotzman)
Tue Feb 23 13:18:35 1999
Date: Mon, 22 Feb 1999 16:03:18 -0500
Reply-To: Lee Brotzman <leb@NASIRC.HQ.NASA.GOV>
From: Lee Brotzman <leb@NASIRC.HQ.NASA.GOV>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 19 Feb 1999 13:35:09 EST."
<Pine.BSF.3.96.990219132732.23209B-100000@fledge.watson.org>
> On Fri, 19 Feb 1999, Mariusz Marcinkiewicz wrote:
>
> > On Thu, 18 Feb 1999, Don Lewis wrote:
> >
> > > ... or are there systems that give group kmem write privileges? If so,
> > > I'd say that's a security hole.
> >
> > Yes, you are right... but... I saw that hole after installing new linux and
> > checked its security. First I was surprised but not for a long time.
> > In a few mins I noticed all linux versions are chown .kmem; chmod g+s
> > lsof... on linux /dev/kmem is +w for gid kmem, on bsd too (probably, I
>
> Sorry, no go. FreeBSD 2.2-STABLE and 4.0-CURRENT, the two versions I
> have sitting around, have the following permissions on /dev/kmem:
>
> crw-r----- 1 root kmem 2, 1 Mar 7 1998 /dev/kmem
>
> Please verify claims such as these before posting them.
I have to agree. On my installation of Caldera OpenLinux 1.2, I see the
following:

$ ls -l /usr/sbin/lsof
-rwxr-xr-x 1 root root 72492 Jan 7 1998 /usr/sbin/lsof
$ ls -l /dev/kmem
crw-r----- 1 root kmem 1, 2 Jul 29 1998 /dev/kmem

No SetGID on lsof, no +w on /dev/kmem. For the claim of "all linux versions",
just which linux versions were you talking about?
--
-- Lee E. Brotzman, NASA Automated Incident Response Capability (NASIRC)
-- Phone: 814-861-5028 Fax: 814-861-3806 Email: leb@nasirc.hq.nasa.gov
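
Added example, not part of the original message or of lsof: a shell check that reads the two `ls -l` lines compared in this thread and reports whether a setgid binary reaches a group-writable /dev/kmem. The function names and verdict strings are invented for this illustration, and the MADE_UP_* lines are constructed samples.

```shell
#!/bin/sh
# Added example: classify the two `ls -l` lines compared in this thread.
# Function names and verdict strings are invented for this illustration.

# Print whitespace-separated field N of an `ls -l` line.
field() { printf '%s\n' "$1" | awk -v n="$2" '{ print $n }'; }

# In a mode string such as crw-r-----, characters 5-7 are the group bits.
mode_group_writable() { [ "$(printf '%s' "$1" | cut -c6)" = "w" ]; }
mode_has_setgid() {
    case "$(printf '%s' "$1" | cut -c7)" in
        s|S) return 0 ;;   # s = setgid + execute, S = setgid without execute
        *)   return 1 ;;
    esac
}

# kmem_exposure BINARY_LINE DEVICE_LINE
# Prints what the binary's setgid group is granted on the device.
kmem_exposure() {
    bin_mode=$(field "$1" 1); bin_group=$(field "$1" 4)
    dev_mode=$(field "$2" 1); dev_group=$(field "$2" 4)
    if ! mode_has_setgid "$bin_mode" || [ "$bin_group" != "$dev_group" ]; then
        echo "no-setgid-path"      # binary does not run with the device's group
    elif mode_group_writable "$dev_mode"; then
        echo "group-write"         # the case Don Lewis calls a security hole
    else
        echo "group-read-only"     # setgid binary, but device is not g+w
    fi
}

# Check the live system; paths default to the ones named in the thread.
audit_live() {
    bin=${1:-/usr/sbin/lsof}; dev=${2:-/dev/kmem}
    if [ ! -e "$bin" ] || [ ! -e "$dev" ]; then echo "missing"; return 0; fi
    kmem_exposure "$(ls -ldL "$bin")" "$(ls -ldL "$dev")"
}

# Lines quoted from the message (Caldera OpenLinux 1.2).
CALDERA_LSOF='-rwxr-xr-x 1 root root 72492 Jan 7 1998 /usr/sbin/lsof'
CALDERA_KMEM='crw-r----- 1 root kmem 1, 2 Jul 29 1998 /dev/kmem'
# Constructed lines showing the layout the earlier poster described.
MADE_UP_LSOF='-rwxr-sr-x 1 root kmem 72492 Jan 7 1998 /usr/sbin/lsof'
MADE_UP_KMEM='crw-rw---- 1 root kmem 1, 2 Jul 29 1998 /dev/kmem'

kmem_exposure "$CALDERA_LSOF" "$CALDERA_KMEM"   # prints no-setgid-path
```

Calling audit_live with no arguments runs the same check against /usr/sbin/lsof and /dev/kmem on the local machine and prints "missing" when either path is absent.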