Full Disclosure mailing list archives
Re: Partial Solution to SUID Problems
From: Valdis.Kletnieks () vt edu
Date: Sat, 06 Dec 2003 19:31:32 -0500
On Sat, 06 Dec 2003 19:07:54 +0100, Michal Zalewski said:
> time, which is doubtful. The only use of 'su' is when you believe the old and silly rule not to allow direct root logins... but the rule is of very little value - it does not truly make any kind of attack more difficult or less likely to succeed, and having an extra setuid program (a fairly complex one, and with several vulnerabilities in the past) is a high price to pay.
Sometimes, old and silly rules aren't just about security.

The *real* reason for the "always su from a user account" rule isn't to stop exploits. It's so you have an audit trail of who did what.

Quite often in a large shop, you'll have 5 or 6 people who have legitimate root access to a box. Now, no sysadmin is perfect, so somebody *will* screw up eventually. So you're sitting there at 2AM trying to fix something, and find that somebody started changing something, got halfway through, didn't update the Changelog file, and you have no idea what the other half of the change is supposed to be (or even perhaps which half of the change can be backed out). (And yes, I've seen it happen. No matter how dedicated the sysadmin, if the phone rings and they find out their kid fell out of a tree and broke their arm, that change won't get completed or documented - they're out the door and on the way to the hospital).

If everybody logs in as root directly, you get to call all 5 other people and hope the first one or two know what's going on. If everybody logs in as themselves, and then su's, you can say "Hey, Charlie logged in at 14:08, and su'ed at 14:10, and the file got changed at 14:15. He's probably the one we need to wake up".
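
The correlation described in the message above, as an added example that is not part of the original post: constructed log lines are matched against a file change time to list whose su session precedes it, and a direct root login shows up as an entry that names no individual. The syslog-like layout, host name, user names and function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in a syslog-like layout (an assumption; real sshd/su
# message formats differ between systems and versions).
SAMPLE_LOG = """\
Dec  6 09:12:40 box sshd[811]: Accepted password for alice from 10.0.0.5
Dec  6 09:13:02 box su[815]: su to root by alice on pts/1
Dec  6 14:08:11 box sshd[902]: Accepted password for charlie from 10.0.0.7
Dec  6 14:10:37 box su[910]: su to root by charlie on pts/3
Dec  6 16:30:00 box sshd[977]: Accepted password for root from 10.0.0.9
"""

LOGIN = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) ")
SU = re.compile(r"su\[\d+\]: su to root by (\S+) ")

def parse(log, year=2003):
    """Yield (timestamp, kind, user) for login and su-to-root events."""
    for line in log.splitlines():
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        for kind, rx in (("login", LOGIN), ("su", SU)):
            m = rx.search(line)
            if m:
                yield ts, kind, m.group(1)

def who_to_wake(log, changed_at, window=timedelta(hours=1)):
    """Rank people whose root session could explain a change at changed_at.

    Returns (user, login_time, su_time) tuples, most recent first.
    A direct root login inside the window is reported as user "root" with
    su_time None: the log then names no individual.
    """
    last_login, hits = {}, []
    for ts, kind, user in parse(log):
        if ts > changed_at:
            continue  # events after the change cannot explain it
        if kind == "login":
            last_login[user] = ts
            if user == "root" and changed_at - ts <= window:
                hits.append(("root", ts, None))
        elif changed_at - ts <= window:
            hits.append((user, last_login.get(user), ts))
    return sorted(hits, key=lambda h: h[2] or h[1], reverse=True)
```

On a live system `changed_at` would come from the file's modification time, for example `datetime.fromtimestamp(os.stat(path).st_mtime)`.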