[3041] in bugtraq


Re: bin owned system files

daemon@ATHENA.MIT.EDU (Bruce Barnett)
Fri Jul 26 19:02:47 1996

Date: Fri, 26 Jul 1996 17:13:44 -0400
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Bruce Barnett <barnett@grymoire.crd.ge.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>

> Are there any known problems/bugs/etc.
> with "root" executing system binaries
> owned by "bin" as long as the "bin"
> account is disabled in /etc/passwd.
> (i.e. * for password and /bin/false
> for the shell).
As Spaf says, NFS is one big problem. Having directories like /usr/bin
owned by bin, group bin, owner and group writable is asking for trouble.
Anyone that can be part of group "bin" can modify any of the files.
The directories should be owned by root, not bin, and mode 755, not 775.

It is true you could add someone to group "bin" and allow that person
to update those files, but this is very dangerous, IMHO.

The other point is that each application that uses accounts must be
examined. Telnet/rlogin/rsh use the shell field in the /etc/passwd
file. What about ftp? Make sure the /etc/shells file is configured
properly. Do any other applications use the user name?

I remember that there was a version of the Sun TOPS remote file
service (for Macintoshes) that didn't look at the shell field. So you
could log onto user ID "sync", with uid 0, and become root....

- Bruce Barnett
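A defender's audit of the three points raised in the post above (uid-0 accounts other than root, system directories not owned by root or writable by group/other, and login shells missing from /etc/shells), as an added example that is not part of the original message. The passwd and shells contents are constructed samples; the expected owner argument of dir_ok is an assumption that defaults to root.

```shell
#!/bin/sh
# Constructed sample files (not from the original post): "sync" has a
# disabled password and /bin/false as shell, yet still carries uid 0.
make_sample_passwd() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
root:x:0:0:root:/:/bin/sh
bin:*:2:2:bin:/bin:/bin/false
sync:*:0:1:sync:/:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF
  echo "$f"
}
make_sample_shells() {
  s=$(mktemp)
  printf '# constructed /etc/shells\n/bin/sh\n' > "$s"
  echo "$s"
}

# Every account with uid 0 other than root: a service that ignores the
# shell and password fields still hands out root for such entries.
extra_uid0() {
  awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Accounts whose login shell is not listed in the shells file (ftpd-style
# services consult /etc/shells instead of the password field).
unlisted_shells() {
  awk -F: 'NR == FNR { if ($0 !~ /^#/ && $0 != "") ok[$0] = 1; next }
           !($7 in ok) { print $1 }' "$2" "$1"
}

# Print 0 if a directory is owned by the expected user (default root) and
# is neither group- nor world-writable; print 1 otherwise. Parses ls -ld
# so it runs without GNU stat; the trailing * tolerates an ACL/xattr flag.
dir_ok() {
  want=${2:-root}
  set -- $(ls -ld "$1")
  mode=$1; owner=$3
  case "$mode" in
    d????w???*|d???????w?*) echo 1; return ;;   # group or other write bit
  esac
  [ "$owner" = "$want" ] && echo 0 || echo 1
}

# Against a live system: extra_uid0 /etc/passwd; unlisted_shells /etc/passwd
# /etc/shells; for d in /usr/bin /usr/lib /etc; do echo "$d $(dir_ok $d)"; done
```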
