[15950] in bugtraq

Re: Cobalt RaQ 3 security hole?

daemon@ATHENA.MIT.EDU (Forrest J. Cavalier III)
Tue Jul 25 15:35:52 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Message-Id:  <200007250306.e6P363K20078@bean.epix.net>
Date:         Mon, 24 Jul 2000 23:02:17 -0500
Reply-To: forrest@mibsoftware.com
From: "Forrest J. Cavalier III" <mibsoft@EPIX.NET>
X-To:         "Edward S. Marshall" <emarshal@LOGIC.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

The Microsoft FrontPage security model and implementation
of the idea mentioned by E Marshall is discussed at:
    http://officeupdate.microsoft.com/frontpage/wpp/serk/scuni.htm

(And as a bonus for checking just now, they seem to have finally
published the FrontPage client-server RPC API too!)
    http://msdn.microsoft.com/workshop/languages/fp/default.asp

Forrest J. Cavalier III, Mib Software
   Get links to code and the knowledge to use it.
   http://www.rocketaware.com/  Programmer's Webliography


"Edward S. Marshall" <emarshal@LOGIC.NET> wrote, in part:
> On Fri, 21 Jul 2000, Peter W wrote:
> > You think having SUID binaries lying around on the filesystem is a better
> > idea? Runnable by --you said it-- 'nobody'?[0] Maybe even run by random
> > other local users?
>
> That particular trust issue is a solvable problem, especially in this
> case.
>
> Imagine a wrapper script for Apache which generates a random cookie and
> writes it to a file readable only by root (and then executes Apache with
> reduced privilege, perhaps passing in file descriptors for the ports it
> needs while doing so, a la INN's "startinnd").
>
> Then imagine a setuid helper application (say, a modified suexec) whose
> sole purpose in life is to read that cookie file, receive the cookie via
> some form of IPC from Apache, compare the two, and allow execution of one
> application within a specific set of permitted programs if the cookie
> matches.
>
> (No, this isn't a new idea; I believe the RTR Frontpage extensions do
> something like this, if memory serves, although they do it within Apache,
> instead of using a wrapper.)
>
> --
> Edward S. Marshall <emarshal@logic.net>           http://www.nyx.net/~emarshal/
> -------------------------------------------------------------------------------
> [                  Felix qui potuit rerum cognoscere causas.                  ]
>
>
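
An added example of the two sides of the cookie scheme described in the quoted text; it is not code from either poster, from suexec, or from the FrontPage extensions. The cookie length, function names, return codes and the allowlisted path are assumptions, and the IPC that carries the cookie from Apache to the helper is left out, so the presented bytes arrive as a parameter.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define COOKIE_LEN 32   /* assumed cookie size in bytes */
/* Hypothetical allowlist: the "specific set of permitted programs". */
static const char *const permitted[] = { "/usr/local/libexec/site-admin-helper" };

/* Wrapper side (runs as root before dropping privilege): random cookie, mode 0600. */
int cookie_create(const char *path, unsigned char out[COOKIE_LEN]) {
    int rnd = open("/dev/urandom", O_RDONLY);
    if (rnd < 0) return -1;
    ssize_t n = read(rnd, out, COOKIE_LEN);
    close(rnd);
    if (n != COOKIE_LEN) return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;          /* O_EXCL: never reuse a pre-existing file */
    n = write(fd, out, COOKIE_LEN);
    return (close(fd) == 0 && n == COOKIE_LEN) ? 0 : -1;
}

/* Compare without an early exit, so timing does not reveal a matching prefix. */
static int cookie_equal(const unsigned char *a, const unsigned char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < COOKIE_LEN; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Helper side: 0 = may run `program`; -1 bad length, -2 untrusted cookie file,
 * -3 cookie mismatch, -4 program not permitted. `owner` is 0 in the setuid helper. */
int helper_authorize(const char *path, uid_t owner, const unsigned char *presented,
                     size_t presented_len, const char *program) {
    unsigned char stored[COOKIE_LEN];
    struct stat st;
    if (presented_len != COOKIE_LEN) return -1;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return -2;
    /* Check the opened descriptor: regular file, expected owner, no group/other bits. */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == owner
             && (st.st_mode & 077) == 0 && read(fd, stored, COOKIE_LEN) == COOKIE_LEN;
    close(fd);
    if (!ok) return -2;
    if (!cookie_equal(stored, presented)) return -3;
    for (size_t i = 0; i < sizeof permitted / sizeof permitted[0]; i++)
        if (strcmp(program, permitted[i]) == 0) return 0;   /* exact path match only */
    return -4;
}
```

The `owner` parameter exists only so the file checks can be exercised without root; a real setuid helper would hard-code uid 0 and refuse anything else.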
