Full Disclosure mailing list archives
Re: Dangerous permissions in unitedlinux
From: Roman Drahtmueller <draht () suse de>
Date: Mon, 7 Apr 2003 22:14:01 +0200 (MEST)
-----BEGIN PGP SIGNED MESSAGE----- Hello Knud, While all of the four UnitedLinux partners Conectiva, SCO, TurboLinux and SuSE have greatly contributed to what UnitedLinux is today, SuSE has the role of the product integrator of UnitedLinux 1.0. I'm answering as head of security at SuSE.
Attached document explains all. Rant: People using a product called 'antigen' should be shot, stabbed, and
No comment on the rant... [quotes strongly shortened]
According to the vendor "UnitedLinux addresses enterprise customers' needs for a high quality, low cost, standards-based Linux environment that enables the widespread adoption of Linux." II. DESCRIPTION The folders below /usr/src/packages/ ships with the following permissions: drwxrwxrwt, which makes it writeable by all users. III. ANALYSIS This makes way for planting of rogue source, ultimately leading to a full system compromise. IV. DETECTION UnitedLinux 1.0 (i586) beta3 is found to be vulnerable.
Generally, it might be a bad idea to report security related problems in a beta after the product has been released. But anyway: The final UnitedLinux 1.0 products contain the same setup: All directories within /usr/src/packages are world-writeable with the t-flag set (mode 1777). The modes have been set like this intentionally to make it possible for a non-root user to (re)build packages using the command 'rpm --rebuild package.spm'. By consequence, this is a tradeoff: Either you don't provide the modes necessary for non-root package builds, or you take the risk that somebody plants an egg in those directories.
V. WORKAROUND Change the permissions on /usr/src/packages/* and below to something more suitable.
We have thought of an easier way than changing the modes manually: vi /etc/sysconfig/security and change PERMISSION_SECURITY from "easy local" to "secure local". Afterwards, either run SuSEconfig or 'chkstat -set /etc/permissions.secure'.
VI. VENDOR FIX unknown
None.
IX. CREDIT Knud Erik Højgaard/kokanin[a]dtors.net
Thanks, Roman Drahtmüller, SuSE Security. - - -- - - | Roman Drahtmüller <draht () suse de> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: SuSE Security iQEVAwUBPpHcGXey5gA9JdPZAQG6wQgAk+vcXCYCeZuF0iH6sh0t+0QoDp0wYuJ6 VC5negBSgrrprlJ94hDP67MlZchN+euLfbaEB2+Ipp7x3g0j1ZDn1ZTlcQ6i6bIM X6J/S+YiBmzBhr21bk2rjKNoQfA7/PXJAuYgHOUQvgN4yKzhVdZ24fuWLQgCDpYA OxQjM1BB4rZmuqrKG5z+Kcb7d+bIrhPn35v5vfKaONwhiDRo0CmIAloV2uds7poy KZb5ua7BFYSS9JwfeUlt9juOsK55vP/aZdO4JPfD0fAol4DWwNyaTmsnNZoQJAfQ KwZEo124SIcEfBpd+3sb72tqPN6V1NegrLnwYtTmrw/IxQZuuN42sQ== =gGrW -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Dangerous permissions in unitedlinux Knud Erik Højgaard (Apr 07)
- <Possible follow-ups>
- Re: Dangerous permissions in unitedlinux Roman Drahtmueller (Apr 07)