Bugtraq mailing list archives
Re: libresolv+ bug
From: nick () zeta org au (Nick Andrew)
Date: Thu, 22 Aug 1996 22:56:57 +1000
Forwarding a message from Thomas Ptacek:
> The primary problem, as I see it, is not that SUID programs are being written poorly, or that the sensitivity of SUID programs is not being adequately dealt with by the operating system, or the compilers that produce the executable code; it's that SUID programs, as present in most modern Unix operating systems, are being written at all.
The problems are orthogonal. Poorly written programs can still be exploited through buffer overflows, stack corruption and the like. The only difference is - if the program has no additional privileges then the program can do nothing which the intruder couldn't do anyway. The exceptions are if the program is running as a different user (e.g. root) or group, or is running on a machine (or in an environment) in which the intruder does not have privilege to execute code. However, as soon as _any_ additional privilege is granted, the same old vulnerabilities come back to haunt us. Additional privilege implies that an intruder could abuse that privilege. It hurts so much because "additional privilege" usually means root access.
> Beyond that, no Unix OS I know of allows admins or programmers to reliably specify privileges in anything more than an "all or none" fashion - if your program needs permissions to write to /etc/passwd, you need to let it run /bin/sh and write to /root/.rhosts as well.
/etc/passwd could be given group write permission - but then, once a program _can_ write /etc/passwd it can pretty-much subvert the rest of the system to its own ends without any trouble.
> I think it's been adequately demonstrated to us that the POSIX saved credentials solution insufficiently addresses the potential for subversion most SUID programs have.
I think it protects the filesystem - or rather, it protects against filesystem-based attacks. No such protection against code subversion.
Nick.
--
Kralizec Dialup Internet System  Data: +61-2-9837-1183, 9837-1868
Zeta Microcomputer Software  Fax: +61-2-9837-3753  Voice: 9837-1397
P.O. Box 177, Riverstone NSW 2765  http://www.kralizec.net.au/
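Added example, not part of the original message: a small C model of the POSIX real/effective/saved user-ID rules, illustrating the last exchange above (a temporary drop guards file access but stays reversible from inside the process). It goes one step beyond the message by contrasting a permanent drop; UID 1000, the struct and the `m_*` helper names are constructed for illustration, and only `seteuid()` and `setuid()` under `_POSIX_SAVED_IDS` are modelled.

```c
#include <stdio.h>

/* Constructed model of a process's three POSIX user IDs. */
struct cred { int ruid, euid, suid; };

/* seteuid(): allowed if privileged, or if uid equals the real or saved ID. */
static int m_seteuid(struct cred *c, int uid) {
    if (c->euid == 0 || uid == c->ruid || uid == c->suid) { c->euid = uid; return 0; }
    return -1; /* EPERM */
}

/* setuid(): a privileged caller sets all three IDs; otherwise like seteuid(). */
static int m_setuid(struct cred *c, int uid) {
    if (c->euid == 0) { c->ruid = c->euid = c->suid = uid; return 0; }
    if (uid == c->ruid || uid == c->suid) { c->euid = uid; return 0; }
    return -1; /* EPERM */
}

/* File permission checks look only at the effective ID (root-owned, mode 0600). */
static int can_write_root_file(const struct cred *c) { return c->euid == 0; }

/* SUID-root binary started by user 1000 (assumed UID): real=1000, eff=0, saved=0. */
static struct cred suid_root_start(void) { struct cred c = {1000, 0, 0}; return c; }

/* Temporary drop via seteuid(): returns 1 if root can be regained afterwards. */
int regain_after_temporary_drop(void) {
    struct cred c = suid_root_start();
    m_seteuid(&c, c.ruid);                  /* euid=1000, saved ID still 0 */
    if (can_write_root_file(&c)) return -1; /* filesystem is protected while dropped */
    /* Any code running in this process, including subverted code, may do this: */
    return m_seteuid(&c, 0) == 0 && can_write_root_file(&c);
}

/* Permanent drop via setuid() while still privileged: saved ID is overwritten. */
int regain_after_permanent_drop(void) {
    struct cred c = suid_root_start();
    m_setuid(&c, c.ruid);                   /* real=eff=saved=1000 */
    return m_seteuid(&c, 0) == 0 || m_setuid(&c, 0) == 0;
}

int main(void) {
    printf("temporary drop, root regained: %d\n", regain_after_temporary_drop());
    printf("permanent drop, root regained: %d\n", regain_after_permanent_drop());
    return 0;
}
```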