Bugtraq mailing list archives
Re: (WORKAROUND) More on UnixWare 2.x vulnerability
From: Hannu.Laurila () japo fi (Hannu Laurila)
Date: Sat, 24 Aug 1996 22:32:46 +0300
On Sat, 24 Aug 1996, Todd Vierling wrote:
> I've found out more about UnixWare 2. It seems the system (and I don't know if SCO's own native OSs do this, SCO UNIX/SCO XENIX/SCO OpenServer) allows chown'ing a file *to* any arbitrary user and group.
I couldn't check/test for the vulnerability but I think all users of Unixware and other SVR4-unixes should check that their boxes are configured with the BSD-style behaviour of chown/chgrp. It is simply safer in general. Unixware 2.0x, by default, uses the old AT&T behaviour but it can be adjusted with a single kernel tunable.

For other security reasons, I asked on comp.unix.unixware.misc how to tune the behaviour about 2 or 3 months ago, and here is a quote from the Unixware trouble-FAQ; it consists of my question and Andrew Josey's answer (thanks Andrew!):

--- clip ---

Subject: T41) How can I revert to the BSD form of (restricted) chown?

By default, chown() system call comes with the old AT&T behavior and allows a user to change the ownership of a file he owns to that of any other user on the system. How can I modify the behavior to the BSD-form (only root can change the ownership of a file)?

The BSD way is the FIPS 151-2 and XPG4 way, and indeed there is a tuneable called RSTCHOWN. For strict conformance (and when testing for POSIX FIPS 151-2, XPG etc) this should be set to one.

    /etc/conf/bin/idtune -g RSTCHOWN

will return its value. To set it do

    # /etc/conf/bin/idtune RSTCHOWN 1
    # /etc/conf/bin/idbuild

and then reboot.

---
Hannu Laurila - kube () japo fi * Kauppakatu 10, FIN-62900 ALAJÄRVI
Alajärven Puhelinosuuskunta * Tel +358 66 557 2209 - Fax +358 66 557 2788
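Added example, not part of the original post or the FAQ: a C audit that asks POSIX pathconf() whether chown is restricted for each path given, since the answer may differ per filesystem. The helper names and default paths are illustrative, and that the reported value follows RSTCHOWN on UnixWare is an assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>

/* Interpret a pathconf(path, _PC_CHOWN_RESTRICTED) result.
 * POSIX: any value other than -1 means chown is restricted (0 counts);
 * -1 with errno unchanged means the restriction is not in effect;
 * -1 with errno set means the query itself failed.
 * Returns 1 = restricted, 0 = unrestricted (give-away allowed), -1 = error. */
int classify_chown_result(long value, int err)
{
    if (value != -1)
        return 1;
    return err == 0 ? 0 : -1;
}

/* Query one path (hypothetical helper name). For a directory, the answer
 * applies to the non-directory files inside it. */
int chown_restricted(const char *path)
{
    long value;

    errno = 0;  /* must be cleared first to tell "not restricted" from "error" */
    value = pathconf(path, _PC_CHOWN_RESTRICTED);
    return classify_chown_result(value, errno);
}

int main(int argc, char **argv)
{
    static const char *defaults[] = { "/", "/tmp", "/home" }; /* sample paths */
    const char **paths = argc > 1 ? (const char **)(argv + 1) : defaults;
    int count = argc > 1 ? argc - 1 : 3;
    int unrestricted = 0;

    for (int i = 0; i < count; i++) {
        int r = chown_restricted(paths[i]);
        if (r == 1) {
            printf("%-20s restricted (privileged chown only)\n", paths[i]);
        } else if (r == 0) {
            printf("%-20s UNRESTRICTED: owners can give files away\n", paths[i]);
            unrestricted++;
        } else {
            perror(paths[i]);
        }
    }
    return unrestricted ? 1 : 0;  /* non-zero exit flags a finding */
}
```

Run it with the mount points that hold user-writable data as arguments; a non-zero exit status means at least one of them still permits the AT&T-style give-away.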