Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MGE UPS Systems

From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Mon, 13 Apr 1998 10:06:58 -0600


If you are running the software, you may want to clear /tmp at boot, at least
for the lock files.  Otherwise any user can turn any file on the system to 0
bytes.


I should probably point out that methods like "clearing /tmp at boot
time" do not neccessarily work.

In particular, in many systems one can use the system bootup
procedures to run processes on behalf of a regular user, which could
then create files or symbolic links to play other games to exploit a
problem.  Two examples follow:

1) cron is started early.  In particular, Vixie cron has a feature not
   a lot of people know about called @reboot.  Since cron is started early
   and starts pushing jobs through, this permits a user to run processes
   of his choice while /etc/rc is still executing.  With non-vixie versions
   of cron this is harder, but I bet it's still doable.

2) Some /etc/rc scripts execute sendmail's to deliver vipreserve
   information.  A nice little .forward... can therefore run at the same
   time as /etc/rc.

In OpenBSD's case, we considered this issue to be even more serious
since random users could run programs of their choice before the
kernel securelevel (see init(8)) has been changed.  To avoid that
issue we had to change the order of several things in /etc/rc*...
Previous By Date Next
Previous By Thread Next

Current thread: