Bugtraq mailing list archives
Re: bin owned system files
From: spaf () cs purdue edu (Gene Spafford)
Date: Thu, 25 Jul 1996 17:18:39 -0500
At 1:20 PM -0500 7/25/96, Robert E. Adams wrote in "bin owned system files":
> Are there any known problems/bugs/etc. with "root" executing system binaries
> owned by "bin" as long as the "bin" account is disabled in /etc/passwd. (i.e. *
> for password and /bin/false for the shell).

The standard problem is that if any of these files are exported on a writable partition using NFS, then anyone able to control the importing machines (or spoof the NFS protocol sufficiently) can overwrite the files with arbitrary things. All it takes is becoming "bin" (or "daemon" or.... any other user than root) on the remote machine, and one can then scribble all over the exported files as the owner. Obviously, this can lead to disaster when user root runs the files on the exporting machine.

It isn't simply executables, either -- it is configuration files (e.g., inetd.conf) and directories (e.g., /bin). If they are owned by a non-root entity and they are exported writable using standard NFS, then the system is easily compromised. Using secure NFS or Kerberos helps, but those have drawbacks, too. The best policy is to be very careful with NFS and ownership.

There are other possible problems, too, with bin ownership. The concept doesn't make sense, particularly, because any non-root user owning executables or system directories regularly used by root can effectively take over root. Therefore, by having another account to hold the ownership, this has introduced a new user id to monitor and protect, a new id (and possibly groups) that can be used for attack, and so on.

--spaf

PS. Shameless plug: This topic, along with the recent traffic on .exrc and the WWW problems and several others are all covered in the new, extensively revised 2nd edition of "Practical Unix & Internet Security", published by O'Reilly & Associates, and available at fine bookstores everywhere. It's a lot more convenient than posting to mailing lists with some hope that you get a correct answer -- more comprehensive and complete, too. See <http://www.ora.com/catalog/puis/> for more info.
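
Added example, not part of the message above: a Python audit for the condition it describes, listing every file and directory under a read-write NFS export that is owned by an account other than root. It assumes Linux exports(5) syntax; writable_exports, audit_tree and the sample export lines are constructed for illustration, and the group/other-writable check generalizes the ownership point.

```python
import os
import re
import stat

# Constructed sample in Linux exports(5) syntax; not taken from the message.
SAMPLE_EXPORTS = """\
/usr         client1(rw,root_squash) client2(ro)
/home        *(ro)
/export/bin  192.0.2.0/24(rw)   # constructed entry
"""

def writable_exports(exports_text):
    """Return the paths that at least one client may mount read-write."""
    paths = []
    for line in exports_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        for client in fields[1:]:
            m = re.search(r"\(([^)]*)\)", client)
            if m and "rw" in m.group(1).split(","):
                paths.append(fields[0])
                break
    return paths

def audit_tree(root, trusted_uids=(0,)):
    """List (path, uid, reason) for entries a remote non-root uid could replace."""
    findings, stack = [], [root]
    while stack:
        path = stack.pop()
        st = os.lstat(path)
        if st.st_uid not in trusted_uids:
            findings.append((path, st.st_uid, "owner is not trusted"))
        elif not stat.S_ISLNK(st.st_mode) and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, st.st_uid, "group/other writable"))
        if stat.S_ISDIR(st.st_mode):  # lstat: symlinked directories are not followed
            try:
                stack.extend(os.path.join(path, n) for n in os.listdir(path))
            except OSError:
                findings.append((path, st.st_uid, "unreadable directory"))
    return sorted(findings)

if __name__ == "__main__":
    for export in writable_exports(SAMPLE_EXPORTS):
        if os.path.isdir(export):
            for path, uid, reason in audit_tree(export):
                print(f"{export}: {path} uid={uid} {reason}")
```

On a real server, pass the contents of its exports file to writable_exports and run audit_tree as root so that every directory is readable.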