Bugtraq mailing list archives
Re: Amanda multiple vendor local root compromises
From: tobkin () SOFTWARE UMN EDU (Chris Tobkin)
Date: Mon, 1 Nov 1999 15:20:22 -0600
[...]
DETAILS: Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls /usr/bin/tar and passes all args given to runtar to this program. Tar is thus run with root permissions and is vulnerable to all of the same attacks on suid programs that it would have if it were suid itself.
[...]
WHO IS VULNERABLE: Anyone running a suid version of runtar should be suspicious. I've not tested any other O.S.'s except FreeBSD 3.3, which includes amanda 2.3.0 and 2.4.1 as "additional packages" on the install CD and tar-1.11.2.
[snip] I doubt that this is OS specific in the installation, but all the installs of amanda i've seen (and have running here) have runtar suid root, but perm'd to 7450 (other can't exec it). It may be part of the packages bundled with FreeBSD.. All of our builds are local compilations from source... (In fact, all the suid binaries installed by a `make install` are perm'd o-rwx and have a gid of sys or other) -- All I have for reference here are solaris and AIX machines.. can anyone else confirm? // chris tobkin () umn edu ************************************************************************* Chris Tobkin tobkin () umn edu Java and Web Services - Academic and Distributed Computing Services - UMN ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ "Nothing great was ever achieved without enthusiasm." - Ralph Waldo Emerson, poet, writer, and philosopher *************************************************************************
Current thread:
- Amanda multiple vendor local root compromises Tellier, Brock (Oct 30)
- Re: Amanda multiple vendor local root compromises Ian Turner (Nov 01)
- Re: Amanda multiple vendor local root compromises Chris Tobkin (Nov 01)
- Re: Amanda multiple vendor local root compromises Bill Fumerola (Nov 01)
- Re: Amanda multiple vendor local root compromises monti (Nov 01)
- Re: Amanda multiple vendor local root compromises Rob (Nov 01)
- Unqualified Postings edi () GANYMED ORG (Nov 01)
- Re: Unqualified Postings v0rt (Nov 02)
- <Possible follow-ups>
- Re: Amanda multiple vendor local root compromises Alexandre Oliva (Nov 02)
- Re: Amanda multiple vendor local root compromises Alexandre Oliva (Nov 02)