Re: SECURITY: Red Hat Linux 5.1 linuxconf bug

[sergio () pratonext it (Sergio Ballestrero)]

On Thu, 28 May 1998, Michael K. Johnson wrote:

> In Red Hat Linux 5.1, linuxconf version 1.11r11-rh2 was inadvertantly
> setuid root.  This creates the potential for security holes that allow
> attackers to gain root access to your machine.  (Users of Red Hat
> Linux 5.0 and earlier are NOT affected, as linuxconf was not included
> with any previous version of Red Hat Linux.)
>
> If you have installed Red Hat Linux 5.1, you can immediately remove
> the danger by logging in as root and running the command:
>
>       chmod -s /bin/linuxconf
>
> We also recommend that you update to the latest version of linuxconf,
> linuxconf-1.11r11-rh3, which fixes this bug.
> Thanks to BUGTRAQ for finding and reporting this.

 the binary RPMs have always been shipped with suid linuxconf. Does this
announce mean that linuxconf has been found insecure, so that is MUST not
be used suid ? I haven't seen anything about linuxconf on BUGTRAQ, apart
from your posting.

 The fact is, linuxconf's most valuable feature, to me, is the possibility
to delegate user administration. If i drop SUID, i cannot do that anymore
- right ? And i cannot use remote admin, too.

 So, if linuxconf is so insecure that one cannot dare having it suid, it
almost becomes useless.

 Could you (Michael, Jacques) please clarify about Linuxconf security ?
It is fundamental to know whether the security risks are only from local
users, or also from external attacks.

 Is there somebody doing security auditing on Linuxconf ?

                             Cheers, Sergio

 -------------------------------------------------------------------------
   Sergio Ballestrero                                    PratoNeXt s.r.l.
     System Manager                           Via Giotto 27 59100 Prato
     sergio () pratonext it                        Tel 604350 - Fax 604454
 -------------------------------------------------------------------------