Date: Tue, 16 Apr 2019 13:20:30 -0700
From: Kurt H Maier <>
To: Victor Angelier CCX <>
Cc: "" <>
Subject: Re: [FD] Redhat/CentOS root through network-scripts

On Mon, Apr 15, 2019 at 09:36:39AM +0000, Victor Angelier CCX wrote:
> Hi there,
> Just found an issue in Redhat/CentOS which according to RedHat 
> security team is not an issue. I don't know, sounds weird to me.
> If, for whatever reason, a user is able to write an ifcfg-<whatever>
> script to /etc/sysconfig/network-scripts or it can adjust an existing
> one, then your system is pwned.
> Network scripts, ifcfg-eth0 for example, are used for network
> connections. They look exactly like .INI files. However, they are
> ~sourced~ on Linux by Network Manager (dispatcher.d).

Yes, if a root-user process executes a script as root then the resulting
commands are indeed run as root.

Those are not INI files, they are shell scripts that set environment
variables.  If you do not want your users to have root access on your
computer, do not let them edit files that are run as root.

Your example command configures the environment variable NAME to have
the value 'Network' when the shell runs /bin/id.

This is why NetworkManager uses interprocess communications to send
user-driven configuration directives to root-permissioned daemons.
There are other linux distributions that have different methods for
configuring networks, but there is nothing wrong with shell commands,
even when the root user runs them.  Just don't let users edit files in
/etc -- which is why the permissions on these files and directories are
set the way they are.
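
The point made in this thread, that ifcfg-* files are shell that a root process sources and so must not be writable by ordinary users, can be checked with a short audit. This is an added example, not part of the original message or of any Red Hat tooling; the function name `audit_ifcfg`, its finding labels and the plain-assignment pattern are assumptions, and it relies on GNU `stat` and `grep` as shipped on RHEL/CentOS.

```shell
#!/bin/sh
# Added example: audit ifcfg-* files, which root sources as shell.
# Usage: audit_ifcfg [DIR] [OWNER_UID]   (defaults: the RHEL path, uid 0)

bare='[A-Za-z0-9_.:/@,+-]*'   # unquoted value without shell metacharacters
dq='"[^"$`\]*"'               # double-quoted value without $ or backtick expansion
sq="'[^']*'"                  # single-quoted value
# A line is "plain" only if it is exactly KEY=value with nothing after the value.
PLAIN="^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=(${bare}|${dq}|${sq})[[:space:]]*\$"

# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_ifcfg() {
    dir=${1:-/etc/sysconfig/network-scripts}
    want_uid=${2:-0}
    findings=0
    for f in "$dir" "$dir"/ifcfg-*; do
        [ -e "$f" ] || continue
        uid=$(stat -c '%u' "$f")
        mode=$(stat -c '%a' "$f")
        if [ "$uid" != "$want_uid" ]; then
            echo "OWNER $f uid=$uid"
            findings=$((findings + 1))
        fi
        # Group- or world-writable means a non-root user can change what root sources.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE $f mode=$mode"
            findings=$((findings + 1))
        fi
        [ -f "$f" ] || continue
        # Report lines that are not blank, not a comment and not a plain assignment.
        if bad=$(grep -HnEv -e '^[[:space:]]*(#.*)?$' -e "$PLAIN" "$f"); then
            printf '%s\n' "$bad" | sed 's/^/NONASSIGN /'
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

A `NONASSIGN` finding on a file that is root-owned and not writable by others is a review item for the administrator rather than proof of tampering, since legitimate ifcfg files may contain shell the pattern does not treat as plain.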
