[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Partial Solution to SUID Problems

To: domino@asgardnet.org, todd@hostopia.com
Subject: Re: [Full-Disclosure] Partial Solution to SUID Problems
From: psz@maths.usyd.edu.au (Paul Szabo)
Date: Sat, 6 Dec 2003 21:42:48 +1100 (EST)

Todd Burroughs <todd@hostopia.com> wrote:

> If, by "messing up with them", you mean "turning off the suid bit", that
> cannot decrease security.  If they think otherwise, they do not know
> what they talk about.  Any program that is suid or sgid can either do
> nothing for or decrease your security.  I cannot think of any possible
> way that keeping suid/sgid could increase your security.  There are some
> exceptions if you want to give people partial root access, like 'sudo'.

Sorry, but I have a counter-example (and admit that I was bitten by it):
pt_chown (or chgpt or slvmod or whatever). Some OSs use something like
that to chown or chmod the pty they just allocated. Turning the suid bit
off prevents your pty from being owned by you so you cannot set safe
permissions, and are vulnerable to "echo badcommand > yourpty".

Cheers,

Paul Szabo - psz@maths.usyd.edu.au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Partial Solution to SUID Problems
  - From: Todd Burroughs <todd@hostopia.com>
- Re: [Full-Disclosure] Partial Solution to SUID Problems
  - From: Michal Zalewski <lcamtuf@ghettot.org>

Prev by Date: Re: [Full-Disclosure] Partial Solution to SUID Problems
Next by Date: Re: [Full-Disclosure] Partial Solution to SUID Problems
Previous by thread: Re: [Full-Disclosure] Partial Solution to SUID Problems
Next by thread: Re: [Full-Disclosure] Partial Solution to SUID Problems
Index(es):
- Date
- Thread