Bugtraq mailing list archives
BSDI 3.1/Squid Default Owner
From: jonz () NETRAIL NET (Jonathan A. Zdziarski)
Date: Thu, 7 May 1998 15:49:07 -0400
I noticed that by default, SQUID is installed on BSDi 3.1 with the following permissions: ls > ls -la total 234 drwxrwxr-x 2 www www 512 Feb 7 1997 . drwxrwxr-x 3 www www 512 Feb 7 1997 .. -rwxr-xr-x 1 www www 3635 Jan 20 1997 access-extract-urls.pl -rwxr-xr-x 1 www www 4269 Jan 20 1997 access-extract.pl -rwxr-xr-x 1 www www 9168 Jan 20 1997 access-summary.pl -rwxr-xr-x 1 www www 4153 Jan 20 1997 cache-summary.pl -rwxr-xr-x 1 www www 20480 Jan 20 1997 cachemgr.cgi -rwxr-xr-x 1 www www 4280 Jan 20 1997 client -rwxr-xr-x 1 www www 4448 Jan 20 1997 dnsserver -rwxr-xr-x 1 www www 36864 Jan 20 1997 ftpget -rwxr-xr-x 1 www www 2388 Jan 20 1997 pinger -rwxr-xr-x 1 www www 10235 Jan 20 1997 squid-logs.pl -rwxr-xr-x 1 www www 980 Jan 20 1997 squid.daily -rwxr-xr-x 1 www www 980 Jan 20 1997 squid.daily.sample -rwxr-xr-x 1 www www 1813 Jan 20 1997 squid.weekly -rwxr-xr-x 1 www www 1813 Jan 20 1997 squid.weekly.sample -rwxr-xr-x 1 www www 1724 Jan 20 1997 start-squid -rwxr-xr-x 1 www www 1724 Jan 20 1997 start-squid.sample -rwxr-xr-x 1 www www 3068 Jan 20 1997 upgrade-1.0-store.pl Now I've seen what can happen when you have a httpd.conf owned by the same user CGI Runs as (all user's cgi has the ability to modify the file)...the same thing should be possible here. One could easily modify the start-squid file, or a configuration file, to set up a root shell or anything else they care to do; since start-squid is initially run as root, their modifications will be run as root as well. It might be a good idea to modify BSDi to install them owned by root, just as it does with apache. Thank you, Jonathan A. Zdziarski Systems Administrator Netrail Incorporated jonz () netrail net (888) NET-RAIL
Current thread:
- Re: 3Com switches - undocumented access level., (continued)
- Re: 3Com switches - undocumented access level. Durval Menezes (May 06)
- Re: 3Com switches - undocumented access level. Jean-Francois Malouin (May 06)
- Re: 3Com switches - undocumented access level. Riku Meskanen (May 07)
- dip 3.3.7 exploit jamez (May 07)
- dip-3.3.7o exploit zef (May 07)
- Re: 3Com switches - undocumented access level. Eric Monti (May 07)
- Re: 3Com switches - undocumented access level. Sasha Egan (May 08)
- NSCA HTTPD (for Windows) bug. Renos (May 08)
- 4 Advisories for Digital Unix: ftp, advs, rpc.statd, ftpd Helmut Springer (May 08)
- xterm exploit [TOG issue] Andrea Arcangeli (May 08)
- BSDI 3.1/Squid Default Owner Jonathan A. Zdziarski (May 07)
- Re: 3Com switches - undocumented access level. Toh Chang Ying (May 08)
- Re: 3Com switches - undocumented access level. Aleph One (May 08)
- Re: 3Com switches - undocumented access level.) Riku Meskanen (May 09)
- Re: 3Com switches - undocumented access level.) Riku Meskanen (May 09)
- Re: 3Com switches - undocumented access level.) Joao Carlos Mendes Luis (May 10)
- Re: 3Com switches - undocumented access level.) Riku Meskanen (May 09)
- Re: 3Com switches - undocumented access level. der Mouse (May 08)
- Re: 3Com switches - undocumented access level. Sasha Egan (May 08)
- Re: 3Com switches - undocumented access level. Sasha Egan (May 08)
- Re: 3Com switches - undocumented access level. Michael Mittelstadt (May 10)
- Re: 3Com switches - undocumented access level. NetSurfer (May 11)