Bugtraq mailing list archives
Re: libresolv+ bug
From: jmm () elegant com (John Macdonald)
Date: Thu, 22 Aug 1996 14:55:49 -0400
Nick Andrew wrote :
|| Forwarding a message from Thomas Ptacek:
|| > The primary problem, as I see it, is not that SUID programs are being
|| > written poorly, or that the sensitivity of SUID programs is not being
|| > adequately dealt with by the operating system, or the compilers that
|| > produce the executable code; it's that SUID programs, as present in most
|| > modern Unix operating systems, are being written at all.

It is not setuid programs that are at fault, it is setuid-to-root
programs. The setuid facility is a reasonable low-level means for
building encapsulated security programs, but instead of designing
a program to have its own id too many people just use root. (uucp
and lp are examples of program suites that were designed to not
need to run as root).

|| The problems are orthogonal. Poorly written programs can still be
|| exploited through buffer overflows, stack corruption and the like.
|| The only difference is - if the program has no additional privileges
|| then the program can do nothing which the intruder couldn't do anyway.
||
|| The exceptions are if the program is running as a different user (e.g.
|| root) or group, or is running on a machine (or in an environment) in
|| which the intruder does not have privilege to execute code.
||
|| However, as soon as _any_ additional privilege is granted, the
|| same old vulnerabilities come back to haunt us. Additional privilege
|| implies that an intruder could abuse that privilege. It hurts so much
|| because "additional privilege" usually means root access.

However, if every different area of privilege runs as a different
account, then these vulnerabilities only expose the facilities
available to the program that has the bug, rather than exposing
the entire system.

--
Daddy didn't obey that traffic signal... | John Macdonald
the green arrow pointing straight up.    | jmm () Elegant COM
    Katrina Macdonald (4 years old)      |
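Added example, not part of the original post: an audit sketch that separates setuid-to-root executables from those setuid to a dedicated account, the distinction the message draws. The function names, the default directory and the sample mode values in the comments are assumptions made for illustration; only the setuid bit is examined, not setgid.

```python
import os
import stat
import sys


def classify(mode, uid):
    """Classify one file from its st_mode and st_uid.

    Returns "setuid-root", "setuid-dedicated", or None when the file is
    not a setuid executable (setgid is deliberately out of scope here).
    """
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return None  # directories, symlinks, or no setuid bit
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return None  # setuid bit without any execute bit cannot be run
    # uid 0 means a bug in the program exposes the whole system;
    # any other owner limits exposure to that account's facilities.
    return "setuid-root" if uid == 0 else "setuid-dedicated"


def audit(root):
    """Walk `root` without following symlinks; return {category: [(path, uid)]}."""
    report = {"setuid-root": [], "setuid-dedicated": []}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never classify a link target
            except OSError:
                continue  # file vanished or is unreadable: skip it
            kind = classify(st.st_mode, st.st_uid)
            if kind:
                report[kind].append((path, st.st_uid))
    for entries in report.values():
        entries.sort()
    return report


if __name__ == "__main__":
    # Default directory is an assumption; pass another path as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"
    for kind, entries in audit(target).items():
        for path, uid in entries:
            print(f"{kind:17} uid={uid:<6} {path}")
```

Entries reported as setuid-root are the ones where a single overflow exposes the entire system; each is a candidate for review against the dedicated-account design the message describes.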