[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0312060848240.13574@suse.bluegenesis.com>
From: todd at hostopia.com (Todd Burroughs)
Subject: Partial Solution to SUID Problems
On Sat, 6 Dec 2003, Paul Szabo wrote:
> Sorry, but I have a counter-example (and admit that I was bitten by it):
> pt_chown (or chgpt or slvmod or whatever). Some OSs use something like
> that to chown or chmod the pty they just allocated. Turning the suid bit
> off prevents your pty from being owned by you so you cannot set safe
> permissions, and are vulnerable to "echo badcommand > yourpty".
This is a good point. I'm mostly used to web servers and other machines
with no users. On the web systems, we allow wide open CGIs, etc., so
it's essentailly the same as having a shell (no tty though). We have
some controls in place and otherwise, have fun and we'll delete you if
you're bad.
I'll keep this in mind, we're planning to make a shell server for
customers to play on ;-) I quite likely would have missed this, except
that we're messing with the kernel and I'm not sure if we got that one...
Todd
Powered by blists - more mailing lists