Full Disclosure mailing list archives
Re: Partial Solution to SUID Problems
From: Todd Burroughs <todd () hostopia com>
Date: Sat, 6 Dec 2003 08:55:31 -0500 (EST)
On Sat, 6 Dec 2003, Paul Szabo wrote:
Sorry, but I have a counter-example (and admit that I was bitten by it): pt_chown (or chgpt or slvmod or whatever). Some OSs use something like that to chown or chmod the pty they just allocated. Turning the suid bit off prevents your pty from being owned by you so you cannot set safe permissions, and are vulnerable to "echo badcommand > yourpty".
This is a good point. I'm mostly used to web servers and other machines with no users. On the web systems, we allow wide open CGIs, etc., so it's essentailly the same as having a shell (no tty though). We have some controls in place and otherwise, have fun and we'll delete you if you're bad. I'll keep this in mind, we're planning to make a shell server for customers to play on ;-) I quite likely would have missed this, except that we're messing with the kernel and I'm not sure if we got that one... Todd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Partial Solution to SUID Problems, (continued)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 06)
- Re: Partial Solution to SUID Problems Valdis . Kletnieks (Dec 06)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 07)
- Re: Partial Solution to SUID Problems Karl DeBisschop (Dec 07)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 07)
- Re: Partial Solution to SUID Problems Valdis . Kletnieks (Dec 06)
- Re: Partial Solution to SUID Problems Markus Friedl (Dec 07)
- Re: Partial Solution to SUID Problems Brian Hatch (Dec 07)
- Re: Partial Solution to SUID Problems Henning Brauer (Dec 08)
- Re: Partial Solution to SUID Problems Todd Burroughs (Dec 06)
- Re: Partial Solution to SUID Problems Michal Zalewski (Dec 06)