lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: todd at hostopia.com (Todd Burroughs)
Subject: Partial Solution to SUID Problems

On Sat, 6 Dec 2003, Paul Szabo wrote:

> Sorry, but I have a counter-example (and admit that I was bitten by it):
> pt_chown (or chgpt or slvmod or whatever). Some OSs use something like
> that to chown or chmod the pty they just allocated. Turning the suid bit
> off prevents your pty from being owned by you so you cannot set safe
> permissions, and are vulnerable to "echo badcommand > yourpty".

This is a good point.  I'm mostly used to web servers and other machines
with no users.  On the web systems, we allow wide open CGIs, etc., so
it's essentailly the same as having a shell (no tty though).  We have
some controls in place and otherwise, have fun and we'll delete you if
you're bad.

I'll keep this in mind, we're planning to make a shell server for
customers to play on ;-)  I quite likely would have missed this, except
that we're messing with the kernel and I'm not sure if we got that one...

Todd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ