Bugtraq mailing list archives
Re: [linux-security] Re: Possible bufferoverflow condition in
From: shaunl () march co uk (Shaun Lowry)
Date: Fri, 16 Aug 1996 09:28:53 +0100
Vidar Madsen <vidar () intercom no> writes:
[discussion about mount and umount being suid root]

This would be a good candidate for sudo. As any good sysadmin will keep telling you... Disable ALL suid programs that are not necessary for the normal operation of the system. If a user needs to mount filesystems, use sudo to all the operation as root.

As far as I can see, the same security flaws would be equally exploitable when going through sudo or having the program suid root? After all, the exploit in mount/umount goes through the command line, and would therefore not be "filtered out" in any way even though one starts it from sudo?

Precisely why we need something more fine-grained than suid. A good example has been set in the form of the SVR4.2 privilege mechanism, which allows nominated executables restricted access to administration functions. A good example (bearing in mind recent discussions on this list) is ping. Ping is not suid root by default on SVR4.2 systems, but it is explicitly allowed to bind privileged ports in order to perform its function when executed by non-root users.

I sincerely hope that this makes it through the current round of SCO/HP UNIX revamps, along with HPUX's ACLs and some sort of user-oriented privilege granting mechanism like the various methods being discussed on Access Control.

Shaun.
--
Shaun Lowry           | March Systems Ltd., http://www.march.co.uk/
PGP Key available     | 14 Brewery Court, High St.,
from key servers or   | Theale, UK. RG7 5AJ
via e-mail on request | +44 118 930 4224