
Re: [Full-Disclosure] Partial Solution to SUID Problems



On Sat, 6 Dec 2003, Paul Szabo wrote:

> Sorry, but I have a counter-example (and admit that I was bitten by it):
> pt_chown (or chgpt or slvmod or whatever). Some OSs use something like
> that to chown or chmod the pty they just allocated. Turning the suid bit
> off prevents your pty from being owned by you so you cannot set safe
> permissions, and are vulnerable to "echo badcommand > yourpty".

This is a good point.  I'm mostly used to web servers and other machines
with no users.  On the web systems, we allow wide open CGIs, etc., so
it's essentially the same as having a shell (no tty though).  We have
some controls in place and otherwise, have fun and we'll delete you if
you're bad.

I'll keep this in mind, we're planning to make a shell server for
customers to play on ;-)  I quite likely would have missed this, except
that we're messing with the kernel and I'm not sure if we got that one...

Todd
