Vulnerability Development mailing list archives
Re: Window manager - implementation bug/feature ???
From: eparker () MINDSEC COM (Erik Parker)
Date: Thu, 7 Oct 1999 11:01:55 -0600
> <snip> This is normal behaviour under Red Hat *ONLY* when you log in physically to the machine (i.e. from the console). Red Hat assumes that normal users who are sitting in front of the machine will want to play CDs, use audio, etc. without having to become root. This increases security, because people don't need the root password to play CDs anymore. It doesn't happen if you log in remotely by telnet. For more details, man console.perms and console.apps, and check the files listed by rpm -ql pam.
Let me tell you.. This just SCARES the hell out of me. Slackware's implementation of the shadow password suite gives you this option in the login.defs file..

#
# List of groups to add to the user's supplementary group set
# when logging in on the console (as determined by the CONSOLE
# setting). Default is none.
#
# Use with caution - it is possible for users to gain permanent
# access to these groups, even when not logged in on the console.
# How to do it is left as an exercise for the reader...
#
#CONSOLE_GROUPS floppy:audio:cdrom

So you can pick what groups users automagically have access to when they sit down at console. It is a good idea, and granted, many sit down, and if it's at your home and not in a server environment, this is probably OK.

However, /dev/hdc is what bothers me. You give a certain amount of trust to let a friend sit at your linux box anyway, since if they really wanted to, compromising it while you're away for 30 minutes wouldn't be difficult.. however it would be noticed in most cases.. (uptime.. luckily, most of my friends are idiots when it comes to anything but Microsoft billyware).. However, /dev/hdc is not his CD-ROM unless his primary hard drive is SCSI and his CD-ROM is primary IDE.. then I can understand that.. but it doesn't sound like that is the case.. sounds like the user, when they log in, has access to everything on that drive.

But he said this was when he launched Gnome or KDE.. Does Red Hat have an implementation of their own startx type programs that change these permissions? But again, you shouldn't be starting X as root anyway, just use the SUID wrapper.

Erik Parker
eparker () mindsec com
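The worry in this thread is that a console group such as cdrom only makes sense if the device nodes it owns really are removable media; if /dev/hdc is a fixed disk, every console user gets the whole drive. The following audit script is an added example, not code from this thread, Slackware or Red Hat. It assumes input lines of the form "path group mode media" (what you would get by joining `stat -c '%n %G %a'` with the old `/proc/ide/*/media` value); the sample below is constructed.

```shell
#!/bin/sh
# Audit which device nodes a CONSOLE_GROUPS-style setting would hand to a
# console user, and flag any group-accessible node whose media is a fixed disk.

# Constructed sample (path, owning group, octal mode, media type).
# /dev/hda owned by group cdrom models the misconfiguration discussed above.
SAMPLE_DEVICES='/dev/hda cdrom 660 disk
/dev/hdc cdrom 660 cdrom
/dev/fd0 floppy 660 floppy
/dev/dsp audio 660 -
/dev/sda disk 660 disk'

# Succeeds if the octal mode grants the owning group read or write access.
# Takes the last three digits so both "660" and "0660" are accepted.
group_can_access() {
  g=$(printf '%s' "$1" | tail -c 3 | cut -c2)
  [ $((g & 6)) -ne 0 ]
}

# Reads device lines on stdin; $1 is the colon-separated group list exactly as
# written in login.defs (e.g. floppy:audio:cdrom). Prints one line per node
# that a console user would gain access to: WARN for fixed disks, ok otherwise.
audit_console_devices() {
  groups_list="$1"
  while read -r path group mode media; do
    [ -n "$path" ] || continue
    case ":$groups_list:" in
      *":$group:"*) ;;          # this group is granted at the console
      *) continue ;;            # not a console group, irrelevant here
    esac
    group_can_access "$mode" || continue
    if [ "$media" = "disk" ]; then
      echo "WARN $path: console group '$group' gets r/w on a fixed disk"
    else
      echo "ok   $path: $group ($media)"
    fi
  done
  return 0
}

printf '%s\n' "$SAMPLE_DEVICES" | audit_console_devices floppy:audio:cdrom
```

On a live system, feed it the real nodes instead of the sample and compare the result against what console.perms or CONSOLE_GROUPS actually grants.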