Bugtraq mailing list archives
Re: hole in sudo for MP-RAS.
From: cschuber () uumail gov bc ca (Cy Schubert - ITSD Open Systems Group)
Date: Mon, 12 Jan 1998 15:20:49 -0800
There is a bug in sudo versions (at least) 1.5.2 and 1.5.3 on NCR's MP-RAS that makes it trivial to bypass sudo's restrictions. I reported this to the sudo-bugs address given in the source on 12/23/97, but never heard back, so screw 'em. It is important to note that MP-RAS is one of the platforms listed in the RUNSON file included with the distribution, so there are probably many people running this; I imagine you will want to reconsider it if you are one of them.
This bug exists on all platforms. Sudo does not handle relative directories properly. ../../../usr/bin/date would also bypass the access list. In short, inclusion lists are safe. Exclusion lists are not safe.
--jml
Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber () uumail gov bc ca
                                       Cy.Schubert () gems8 gov bc ca

"Quit spooling around, JES do it."
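
An added illustration, not part of the original post and not sudo's code: a small model of list matching showing why the same path-comparison flaw fails open for an exclusion list and fails closed for an inclusion list. The working directory `/home/op/tmp` and the function names are constructed for the example, and literal string comparison is an assumption standing in for the behaviour described above.

```python
import posixpath

DATE = "/usr/bin/date"                        # the command named in the post
CWD = "/home/op/tmp"                          # constructed working directory, three levels deep
SPELLINGS = [DATE, "../../../usr/bin/date"]   # one file, two spellings

def canonical(cmd, cwd):
    """Resolve cmd against cwd and collapse '.' and '..' lexically.
    Assumption: no symlinks; a real checker must resolve those as well."""
    return posixpath.normpath(posixpath.join(cwd, cmd))

def decide(cmd, cwd, listed, mode, canonicalize):
    """mode 'exclude': everything is allowed except entries in `listed`.
    mode 'include': nothing is allowed except entries in `listed`."""
    path = canonical(cmd, cwd) if canonicalize else cmd
    hit = path in listed
    if mode == "exclude":
        return "deny" if hit else "allow"
    return "allow" if hit else "deny"

def evaluate():
    """Return {(mode, canonicalize, cmd): decision} for every combination."""
    out = {}
    for mode in ("exclude", "include"):
        for canon in (False, True):
            for cmd in SPELLINGS:
                out[(mode, canon, cmd)] = decide(cmd, CWD, {DATE}, mode, canon)
    return out

if __name__ == "__main__":
    for (mode, canon, cmd), verdict in evaluate().items():
        print(f"{mode:8} canonicalize={canon!s:5} {cmd:24} -> {verdict}")
```

Without canonicalization the exclusion list lets the relative spelling through, while the inclusion list merely refuses a command it should have permitted, which is an annoyance rather than a hole.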