[1357] in SIPB_Linux_Development

linux security issue

daemon@ATHENA.MIT.EDU (Microcomputer Helpline)
Fri Aug 2 12:04:18 1996

Date: Fri, 2 Aug 96 12:03:27 EDT
To: linux-dev@MIT.EDU
From: Microcomputer Helpline <micro-help@MIT.EDU>

This was sent to the Computing Helpdesk, which doesn't have the resources
to deal with this.  One of our senior consultants suggested that we forward
it to this list.  Please email micro-help if this was not the appropriate
channel for this kind of issue.

Thanks,
Misha Hill
Helpdesk Consultant

[20726] daemon@ATHENA.MIT.EDU (cmh_chen@MIT.EDU)  Network_Help  08/02/96 00:54 (46 lines)
Subject: Linux telnet security problem
From: cmh_chen@MIT.EDU
To: net-help@MIT.EDU
Cc: proac@MIT.EDU, ching@MIT.EDU
Date: Fri, 02 Aug 1996 00:54:18 EDT

                                                        2nd August, 1996.
To whom it may concern,

        We are the owners of three linux servers on the MITnet:
Micromega.MIT.edu (18.239.0.104), Cliff.MIT.edu (18.239.1.23) and
Kings-College.MIT.edu (18.241.0.193).  We believe that we have found
out a serious security problem in the Linux-Athena system.

        We discovered that the superuser root can have FULL access
to the account of any user who has logged in to the server via telnet
in the past few hours.  The following is what we did, while logging in
to our Athena accounts at our servers:

  ~>su
  Password:             [root password entered]
  bash# su <joeuser>    [where <joeuser> = any user who has
                         logged in to the server via telnet recently]
  Thu/athena >cd; pwd
  /afs/athena.mit.edu/user/j/o/joeuser

After this, one will be able to 'become' that user, with full access
to his/her Athena locker (but no kerberos ticket is obtained, I believe).
However, several hours after the user logs out, this trick will not work.
Also, this problem does not happen to users who use xlogin physically at
the terminal.

        We regard the above as an extremely serious security problem, which
affects all users telnetting to our servers.  We would like to ask for your
advice on this matter.  Please provide us the appropriate instructions to
fix the problem so that security of Athena user accounts can be fully
maintained.  It will be to everyone's benefit if this problem can promptly
be solved.


                                Yours sincerely,

                                        Christopher Leung <proac@mit.edu>
                                        Roland Law         <ching@mit.edu>
                                        Hubert Chen        <cmh_chen@mit.edu>

                                        0054   2- 8-1996
--[20726]--



-------------------------
Consultant
MIT Computing Helpdesk
Phone:  x3-0001
E-Mail: micro-help@mit.edu


