Bugtraq mailing list archives
Re: (forw) Re: bug in su (Slackware 3.4)
From: jfh () AUSTIN IBM COM (Julie Haugh)
Date: Mon, 23 Mar 1998 11:40:26 -0600
Troy, Thanks for the heads up. I imagine that this same sort of problem exists for all of the programs within Shadow which perform logging to a file. I can't think of what other programs perform logging and a quick grep of the version I have here on snowball only shows the su log file as being opened for write. In the process of snooping around, it looks like "usermod" needs to have some work done where it updates the login.defs file. In general I think I need to get ahold of Marek, et alia and add some explicit umask (0277) calls to the commands to close whatever umask related exploits there are. -- Julie. Quoting Troy A. Bollinger (troy () austin ibm com):
FYI - Bugtraq is discussing a bug in your shadow package... ----- Forwarded message from Martin Schulze <joey () DEBIAN ORG> ----- X-Mailer: Mutt 0.88 Date: Sun, 22 Mar 1998 19:28:08 +0100 Reply-To: Martin Schulze <joey () infodrom north de> From: Martin Schulze <joey () DEBIAN ORG> Subject: Re: bug in su (Slackware 3.4) To: BUGTRAQ () NETSPACE ORG On Sun, Mar 15, 1998 at 06:32:26PM +0100, Peter van Dijk wrote:If sulog file logging is enabled in /etc/login.defs (shadowing installed!) and su has never been used, a user can set his umask to 0 and then run su. /var/log/sulog will then be created mode 666, which means user can use su to try lots of passwords and then, when done, do something like cat /dev/null > /var/log/sulog and clear out the logfile. Same goes for sudo. Note: everything will still be logged in syslog (unless disabled!)I have investigated the problem and it turned out that it exists in the shadow package from Julianne Frances Haugh, we're using the snapshot 970616. This probably means that several recent Linux distributions will be affected, not only Slackware.
-- Julianne Frances Haugh RS/6000 Security Development, C2 Tech Lead "Resistance is futile! Bldg 905/2F002, 512-823-8817 (Tie 793) You will be evaluated!" I-net: jfh () austin ibm com -- C2 of Borg
Current thread:
- Re: (forw) Re: bug in su (Slackware 3.4) Julie Haugh (Mar 23)