Bugtraq mailing list archives
Re: [linux-security] Minicom 1.75 Vulnerability
From: miquels () CISTRON NL (Miquel van Smoorenburg)
Date: Mon, 10 Feb 1997 19:27:50 +0100
According to John Henders:
On Feb 10, jason () redline ru (Dmitry E. Kim) wrote:

well, here is another standard buffer overrun vulnerability, which may sometimes lead to root compromise (not always. not in new distributions, fortunately). Current Slackware and current RedHat don't install minicom suid root, only sgid/uucp, which is not *that* dangerous. But when you build minicom from source, it asks you to do "chmod +s" on it.

Summary: Vulnerability in minicom allows (certain) local users to obtain group "uucp" privileges and, in certain cases, root privileges.

Unless it's changed recently, minicom also requires you to be in a minicom.users file to use it at all, which alleviates the risk somewhat. The idea of allowing public users of a system unrestricted access to a dialout port is pretty scary on its own, so I would hope anyone using minicom would be pretty careful about who was in that file.
Yes, but you can overrun some buffers using command line options that get processed before the minicom.users file. Ouch! Furthermore the minicom.users file isn't checked if minicom is installed setgid instead of setuid.

I knew this would happen sometime... minicom is, like sendmail, too big to be secure. And it has been written over the years; much of the code disgusts me now even though I wrote it myself.

I'm working on a fix where minicom will not be setuid at all anymore but where it will call a helper program to lock the device and chown() it to the user (if (s)he is in the access file of course).

Note that the minicom from the Debian distribution is NOT vulnerable because it's not setuid or setgid at all. It just requires the user to be in the "dialout" group, which is the best solution IMO since it also works for all other communication programs and has no security risks at all.

I'm not designing any program bigger than one or two hundred lines to run setuid ever again. Little setuid helper programs are much better.

Mike.