Bugtraq mailing list archives
Re: bin owned system files
From: dsiebert () icaen uiowa edu (dsiebert () icaen uiowa edu)
Date: Fri, 26 Jul 1996 15:15:43 -0500
Another thing to consider is that there are sometimes security problems that allow you to obtain any user ID _except_ root. I recall some sendmail bugs in particular in the past that exhibited this behavior. By having bin-owned stuff that root uses/executes, those "get any user ID other than root" bugs are really "get root quick" bugs at that point. And often it is noted that since you can steal bin with a particular security hole, it is trivial to then take root on most systems.

It is enough of a concern for me that I have given serious thought to doing a chown of everything bin owns on my HP-UX 10.10 systems to root (if you do this, watch out for "kermit", which is stupidly setuid-bin in HP-UX 10.10). I see no point in the existence of bin at all other than as a security hole waiting to happen, since nothing ever _runs_ as bin, at least under HP-UX. At least uucp, lp, daemon, etc. have a reason for being, since things are supposed to be run under their id and some stuff is rightfully setuid to their id. This isn't true for bin, other than the aforementioned "kermit" stupidity on HP-UX 10.10, but I'm sure that's just an accident that will eventually be corrected. Though I note it is still present in HP-UX 10.20. (I guess I'm not positive the setuid bin thing is a bug, it is _possible_ this was intentional, and there are no ways to steal the bin id using kermit. But I wouldn't bet the security of my systems on it!)

--
Douglas Siebert
Director of Computing Facilities
douglas-siebert () uiowa edu
Division of Mathematical Sciences, U of Iowa
"It is easier to apologize than to get permission" -- Grace Hopper
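An added audit helper illustrating the argument above (example code, not from the post or from HP): it lists what the bin account owns and flags the items that make "get bin" equivalent to "get root": setuid-bin executables, bin-owned files and directories in places root executes from, and anything group- or world-writable. The directory list and the sample listing are constructed for this example.

```sh
#!/bin/sh
# classify_listing reads 'ls -ld' style lines on stdin and prints, for each
# entry owned by 'bin', why it matters for the bin -> root argument:
#   SETUID   : setuid bin, so running it hands out the bin uid
#   ROOTPATH : lives where root runs things from (assumed list below), so
#              whoever holds bin can replace what root executes
#   WRITABLE : group- or world-writable, so no "get bin" bug is even needed
# Paths containing blanks are not handled (ls output is split on blanks).
classify_listing() {
    awk '
    $3 != "bin" { next }
    {
        path = $NF; reasons = ""
        if (substr($1, 4, 1) ~ /[sS]/)                 reasons = reasons " SETUID"
        if (path ~ /^\/(usr\/)?(bin|sbin|lib|etc)(\/|$)/) reasons = reasons " ROOTPATH"
        if (substr($1, 6, 1) == "w" || substr($1, 9, 1) == "w")
                                                       reasons = reasons " WRITABLE"
        if (reasons != "") print path ":" reasons
    }'
}

# audit_live runs the same classification over a real filesystem.
# Run as root; -xdev keeps find on one filesystem. Review the output
# before any chown to root, since a setuid-bin program needs a closer look.
audit_live() {
    find "${1:-/}" -xdev -user bin \( -type f -o -type d \) \
        -exec ls -ld {} \; 2>/dev/null | classify_listing
}

# Constructed sample listing (made up for this example, not real HP-UX data).
SAMPLE='-rwsr-xr-x 1 bin  bin   65536 Jul 26  1996 /usr/bin/kermit
drwxr-xr-x 2 bin  bin    1024 Jul 26  1996 /usr/bin
-rwxr-xr-x 1 bin  bin   12288 Jul 26  1996 /usr/bin/ls
-rw-rw-r-- 1 bin  bin    4096 Jul 26  1996 /usr/lib/libfoo.sl
-rwxr-xr-x 1 root sys   20480 Jul 26  1996 /usr/bin/sh
-rwxr-xr-x 1 bin  bin    1024 Jul 26  1996 /home/tmp/scratch'

# count_flagged returns how many entries of the sample are flagged.
count_flagged() {
    printf '%s\n' "$SAMPLE" | classify_listing | wc -l | tr -d ' '
}
```

Of the sample, only the root-owned shell and the bin-owned file outside the system directories pass without a flag.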
Current thread:
- bin owned system files Robert E. Adams (Jul 25)
- ? Trojan /usr/bin/false ? Jeremy Brinkley (Jul 25)
- Re: ? Trojan /usr/bin/false ? Elliot Lee (Jul 25)
- Re: bin owned system files Gene Spafford (Jul 25)
- Re: bin owned system files Colin Jenkins (Jul 26)
- Re: bin owned system files Gene Spafford (Jul 26)
- Re: bin owned system files Jungseok Roh (Jul 26)
- <Possible follow-ups>
- Re: bin owned system files William McVey (Jul 26)
- Re: bin owned system files dsiebert () icaen uiowa edu (Jul 26)
- Re: bin owned system files Bruce Barnett (Jul 26)