Full Disclosure mailing list archives
Re: Partial Solution to SUID Problems
From: Michal Zalewski <lcamtuf () ghettot org>
Date: Sat, 6 Dec 2003 18:42:50 +0100 (CET)
On Sat, 6 Dec 2003, Paul Szabo wrote:

> Sorry, but I have a counter-example (and admit that I was bitten by it): pt_chown (or chgpt or slvmod or whatever). Some OSs use something like that to chown or chmod the pty they just allocated.

Oh, you mentioned pt_chown... let me crawl out of my cave for a second or two, then.

I think that solutions like pt_chown introduce just as many problems as they solve - you get bugs in pt_chown instead of bugs caused by world-writable ttyXX. It is also just plain dangerous - system security should not depend on having setuid flag on any program and fail silently when the flag is gone - as it might get accidentally removed when restoring from backup or upgrading the software, be intentionally removed or disabled (nosuid), etc. As such, pt_chown is a great example when not to use suid helpers.

A much better way to solve this problem would be to modify the kernel (or install a module) to chown ttyXX to uid of the caller and chmod it appropriately when you open ptyXX (which can be done only once, and is performed prior to opening ttyXX, which must be not open already - per pseudo-terminal semantics). It pretty much fixes the problem and allows screen, mc and many other programs to run flawlessly with no setuid helpers without causing any impact on other functionality.

Linux also took a fairly good approach with the /dev/pts filesystem, but it is a major change that required many programs to be modified (so does pt_chown, though) - and is also more risky, I imagine.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-12-06 18:27 --

   http://lcamtuf.coredump.cx/photo/current/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html