Bugtraq mailing list archives
Re: Troff dangerous.
From: robert () CYRUS WATSON ORG (Robert Watson)
Date: Tue, 27 Jul 1999 04:59:30 -0400
On Sun, 25 Jul 1999, Pete wrote:
But as for your statement I would prefer a setuid/gid man (to a dedicated uid and gid) thus *when* your troff is compromised. It will not have the authority to compromise your system.
I agreed entirely with your rant until this point. Making your man programs setuid man does not improve security, only performance due to the caching effect. Let me give an example: because man is setuid to the man uid, the binary must be owned by uid man. As a result, unless the file system is read-only or the immutable bit is used on supporting operating systems, it is writable by the man uid. When you have a trojan man page, the trojaned code runs as uid man, and as such may now modify the man program, etc. If root runs man, it will run the modified man program, and if the man uid is careful to remove the setuid bit from the executable (something it may do as it owns the file) then this new code now runs as root the next time a trojaned man page is executed. All setuid man does is allow a shared cache on man pages, it does not isolate security problems assocated with the man system--any user who runs the man command gives up control of their credentials to any user who can modify the man binary, or trojan a man page. Robert N M Watson robert () fledge watson org http://www.watson.org/~robert/ PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1 TIS Labs at Network Associates, Computing Laboratory at Cambridge University Safeport Network Services
Current thread:
- Re: Troff dangerous. John Robert LoVerso (Jul 25)
- Re: Troff dangerous. Nic Bellamy (Jul 25)
- Re: Troff dangerous. Aaron Campbell (Jul 26)
- Re: Troff dangerous. Olaf Kirch (Jul 26)
- <Possible follow-ups>
- Re: Troff dangerous. Joel Eriksson (Jul 25)
- Re: Troff dangerous. Pete (Jul 25)
- Re: Troff dangerous. Robert Watson (Jul 27)
- Re: Troff dangerous. Yozo Toda (Jul 25)
- Re: Troff dangerous. Eric Moore (Jul 25)
- Re: Troff dangerous. Ville Nummela (Jul 27)
- Re: Troff dangerous. Pete (Jul 25)
- Re: Troff dangerous. Jason Thorpe (Jul 25)
- Retrieving RDS Data... Wanderley J. Abreu Jr (Jul 26)
- Re: Troff dangerous. Bob Beck (Jul 26)
- Re: Troff dangerous. Ronny Cook (Jul 25)
- Re: Troff dangerous. Steven M. Bellovin (Jul 26)
- Re: Troff dangerous. Groovy Pants Gus (Jul 26)
- Re: Troff dangerous. Nic Bellamy (Jul 25)