[16083] in bugtraq
Re: [lids] bug
daemon@ATHENA.MIT.EDU (Georg Zoeller)
Fri Aug 4 12:56:50 2000
Message-Id: <019f01bffe23$c5bbe880$1a20b9c3@meffert.de>
Date: Fri, 4 Aug 2000 16:53:38 +0200
Reply-To: Georg Zoeller <zoeller@MEFFERT.DE>
From: Georg Zoeller <zoeller@MEFFERT.DE>
X-To: lids@egroups.com
To: BUGTRAQ@SECURITYFOCUS.COM
/lidadm -S -- -LIDS seems to contain this bug too, in a way:
---------------
(user2 is a standard non root user!)
login....
....................................................................
bash$ joe /etc/passwd
(file is shown as readonly, cannot be modified)
bash$ su
Password:
[root@penguin user]# /sbin/lidsadm -S -- -LIDS
SWITCH
enter password:
[root@penguin user]#su user2
bash$ joe /etc/passwd
(file is not read-only, can be modified)
bash$ joe /etc/fstab
(file is not read only, can be modified)
bash$ ls -l /etc/fstab
-rw-r--r-- 1 root root 684 Jul 24 16:28 /etc/fstab
bash$ exit
[root@penguin user]#exit
bash$ joe /etc/passwd
(file is shown as readonly, cannot be modified)
......................................................................
Seems to me that the -LIDS shell does not drop the root privileges when
switching to non-root accounts.
regards
georg
----- Original Message -----
From: "Kevin H Kamel" <kamelkev@glue.umd.edu>
To: <lids@egroups.com>
Sent: Friday, August 04, 2000 4:27 PM
Subject: Re: [lids] bug
>
>
> I've never issued -LIDS_GLOBAL either. I usually just do -LIDS... does
> -LIDS do this same thing? I thought that -LIDS would only allow that
> particular session to be running as UID=0, but you need to be root to turn
> it off anyway, so that doesn't really matter...
>
> why would you run this -LIDS_GLOBAL? From the security standpoint maybe
> that shouldn't exist at all?
>
> -Kevin
>
>
> On Fri, 4 Aug 2000, Georg Zoeller wrote:
>
> > ... granted, it is very seldom that I boot with /security=0 (and if I do
> > I'll disconnect from the net),
> > but from time to time you'll need to issue a -LIDS_GLOBAL to test some
> > things and then it
> > really gets ugly. What is severe if not having all users running as kind of
> > uid=0 on your system?
> >
> > regards
> > georg
> >
> > ----- Original Message -----
> > From: "Kevin Kamel" <kamelkev@glue.umd.edu>
> > To: <lids@egroups.com>
> > Sent: Friday, August 04, 2000 4:07 PM
> > Subject: [lids] bug
> >
> >
> > > You know the bug is a problem, but I wouldn't exactly quantify it as
> > > "severe". If your system is set up properly you would need to pass the
> > > security=0 from console to get the bug to happen. How often do you actually
> > > do this? I have *never* had to boot the kernel with security=0, I thought
> > > that was just in emergency cases when you really screwed up your
> > > configuration. So if you have the "buggy" version right now, just make sure
> > > you disconnect from the net if you're going to do security=0, short of that
> > > you should be ok...
> > >
> > > -Kevin Kamel