Bugtraq mailing list archives
Re: bin owned system files
From: jenkins () DPW COM (Colin Jenkins)
Date: Fri, 26 Jul 1996 09:35:12 EDT
Bob Adams wrote:
Are there any known problems/bugs/etc. with "root" executing system binaries owned by "bin" as long as the "bin" account is disabled in /etc/passwd. (i.e. * for password and /bin/false for the shell). Bob Adams Eastman Kodak Company
A couple of problems come to mind. First, I firmly believe that /bin/false and /bin/true are huge security holes. On most systems these are shell scripts that call /bin/sh and exit() with a value. This means that your "disabled" "bin" account actually does get a shell. On my Solaris 2.5 system, I can do something like this: $ /bin/sh $ mkdir -p /tmp/test; cd /tmp/test $ cat > xit #!/bin/sh \echo work\ed!!!!!!! ^D $ chmod 755 xit $ IFS=e; \export IFS $ PATH=.; \export PATH $ /bin/fals\e worked!!!!!!! By itself, this is not an exploit, but it illustrates some intermediate steps that an intruder might take to crack your system. I am surprised that these two programs never seem to be pointed out as security holes. I suppose that by themselves they are not, but since they are frequently linked to programs that people want to "disable" (like login shells) I suspect there are plenty of hacking opportunities for people looking for intermediate doors into systems. Does anyone know why these programs are not one line C programs: main() {exit (0);} main() {exit (255);} Finally, if your system exports any of its file systems via NFS and allows write access to remote clients you are vulnerable. Remote users with access to their local bin accounts can change your system files. If your files are owned by root, then remote systems will not have write access to them unless you explicitly grant it. I don't think "bin" ownership is necessarily a bad idea- I find it convenient for pinpointing setuid programs in long file listings and so on, but if tight security is your goal, root ownership might be a better choice. Colin jenkins () dpw com
Current thread:
- bin owned system files Robert E. Adams (Jul 25)
- ? Trojan /usr/bin/false ? Jeremy Brinkley (Jul 25)
- Re: ? Trojan /usr/bin/false ? Elliot Lee (Jul 25)
- Re: bin owned system files Gene Spafford (Jul 25)
- Re: bin owned system files Colin Jenkins (Jul 26)
- Re: bin owned system files Gene Spafford (Jul 26)
- Re: bin owned system files Jungseok Roh (Jul 26)
- <Possible follow-ups>
- Re: bin owned system files William McVey (Jul 26)
- Re: bin owned system files dsiebert () icaen uiowa edu (Jul 26)
- Re: bin owned system files Bruce Barnett (Jul 26)
- ? Trojan /usr/bin/false ? Jeremy Brinkley (Jul 25)