lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Apr 2019 06:43:28 +0000 From: Victor Angelier CCX <vangelier@...mail.com> To: Kurt H Maier <khm@...ops.net> Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: Re: [FD] Redhat/CentOS root through network-scripts sounds clear, thanks! Met vriendelijke groet, Kind regards, the Coding Company [cid:6ccbe4bb-c1c0-4df5-9d4b-636a22d7d37a] V.A. (Victor) Angelier CISO,Certified Hacker, CAST611 Certified Advanced Pentester, DevOps PGP: 612C4BB2<https://pgp.mit.edu/pks/lookup?op=get&search=0x0188D45D612C4BB2> T: +31 55 302 00 10 (Main number) M: +46 76 835 6450 (Swedish) M: +31 6 195 22 602 (Dutch) E: victor@...codingcompany.se W: www.thecodingcompany.se<http://www.thecodingcompany.se/> Official OWASP Member (Id:000015019) [cid:cf206409-ed01-433f-a696-d01c4f3a1fb2] PGP versleutelde correspondentie heeft mijn voorkeur. | I prefer PGP Encrypted communication. "Knowledge is power" - Sir Francis Bacon | To change something; don't fight existing models but build a new model that makes the existing model obsolete ------------------------------ DISCLAIMER ---------------------------- De informatie verzonden met dit e-mail bericht is Uitsluitend bestemd voor de geadresseerde. Openbaarmaking, vermenigvuldiging, verspreiding en/of verstrekking aan derden is niet toegestaan. Gebruik van deze informatie door anderen dan de geadresseerde is verboden. U wordt verzocht bij onjuiste adressering de afzender direct te informeren door het bericht te retourneren. The information sent by means of this e-mail message is intended only for the use of the addressee. Publication, duplication, distribution and/or forwarding to third Parties of this message, as well as use of the information by other persons than the intended recipient, is strictly prohibited. If you have received this communication in error, please notify the sender immediately by returning it. ________________________________ From: Kurt H Maier <khm@...ops.net> Sent: Tuesday, April 16, 2019 22:20 To: Victor Angelier CCX Cc: fulldisclosure@...lists.org Subject: Re: [FD] Redhat/CentOS root through network-scripts On Mon, Apr 15, 2019 at 09:36:39AM +0000, Victor Angelier CCX wrote: > Hi there, > > Just found an issue in Redhat/CentOS which according to RedHat > security team is not an issue. I don't know, sounds weird to me. > > If, for whatever reason, a user is able to write an ifcf-<whatever> > script to /etc/sysconfig/network-scripts or it can adjust an existing > one, then your system in pwned. > > Network scripts, ifcg-eth0 for example are used for network > connections. The look exactly like .INI files. However, they are > ~sourced~ on Linux by Network Manager (dispatcher.d). Yes, if a root-user process executes a script as root then the resulting commands are indeed run as root. Those are not INI files, they are shell scripts that set environment variables. If you do not want your users to have root access on your computer, do not let them edit files that are run as root. Your example command configures the environment variable NAME to have the value 'Network' when the shell runs /bin/id. This is why NetowrkManager uses interprocess communications to send user-driven configuration directives to root-permissioned daemons. There are other linux distributions that have different methods for configuring networks, but there is nothing wrong with shell commands, even when the root user runs them. Just don't let users edit files in /etc -- which is why the permissions on these files and directories are set the way they are. khm Download attachment "Outlook-khhjfuxt.jpg" of type "image/jpeg" (2060 bytes) Download attachment "Outlook-n42xr5g0.jpg" of type "image/jpeg" (11002 bytes) _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists