lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.61-042.0702061455350.9899@unix33.andrew.cmu.edu>
Date: Tue, 6 Feb 2007 15:05:52 -0500 (EST)
From: Ivan Jager <aij+nospam@...rew.cmu.edu>
To: "Andrea \"bunker\" Purificato" <bunker@...twebnet.it>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: PS Information Leak on HP True64 Alpha OSF1 v5.1 1885

On Tue, 6 Feb 2007, Andrea "bunker" Purificato wrote:
> [After months of silence from the "HP Software Security Response Team"]
>
>
> -Type: Information leak
> -Risk: low
> -Author: Andrea "bunker" Purificato - http://rawlab.mindcreations.com
>
> -Description: the "ps" command (also /usr/ucb/ps) on HP OSF1 v5.1 Alpha,
> developed without an eye to security, allows unprivileged users to see
> values of all processes environment variables.
>
> It's something similar to "raptor_ucbps" (by Marco Ivaldi) for Solaris.
>
> I've tested it only on OSF1 v5.1 1885.
> If you remove bit suid from executable, "ps" doesn't work correctly.
>
> -Code: http://rawlab.mindcreations.com/codes/exp/nix/osf1true64ps.ksh

Your post reminded me of something I had read in some program's 
documentation many moons ago.

Quote from the Postgres documentation:
"PGPASSWORD sets the password used if the server demands password 
authentication. Use of this environment variable is not recommended for 
security reasons (some operating systems allow non-root users to see 
process environment variables via ps); instead consider using the 
~/.pgpass file (see Section 29.13)."


I kind of wonder if they are specifically refering to Tru64, or if there 
are others too. I would guess the behavior you just discovered has been 
known for a long time.

Ivan

PS: Why should ps to work correctly without the setuid bit?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ