Bugtraq mailing list archives
Re: MGE UPS Systems
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Mon, 13 Apr 1998 10:06:58 -0600
If you are running the software, you may want to clear /tmp at boot, at least for the lock files. Otherwise any user can turn any file on the system to 0 bytes.
I should probably point out that methods like "clearing /tmp at boot time" do not neccessarily work. In particular, in many systems one can use the system bootup procedures to run processes on behalf of a regular user, which could then create files or symbolic links to play other games to exploit a problem. Two examples follow: 1) cron is started early. In particular, Vixie cron has a feature not a lot of people know about called @reboot. Since cron is started early and starts pushing jobs through, this permits a user to run processes of his choice while /etc/rc is still executing. With non-vixie versions of cron this is harder, but I bet it's still doable. 2) Some /etc/rc scripts execute sendmail's to deliver vipreserve information. A nice little .forward... can therefore run at the same time as /etc/rc. In OpenBSD's case, we considered this issue to be even more serious since random users could run programs of their choice before the kernel securelevel (see init(8)) has been changed. To avoid that issue we had to change the order of several things in /etc/rc*...
Current thread:
- APC UPS PowerChute PLUS exploit... Theo Schlossnagle (Apr 10)
- MGE UPS Systems Ryan Murray (Apr 12)
- Re: MGE UPS Systems Theo de Raadt (Apr 13)
- DNS Tunnel - through bastion hosts Oskar Pearson (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Richard Peters (Apr 13)
- GSM SIMs cloned ! Rop Gonggrijp (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Pascal Gienger (Apr 13)
- (follow-up) Wietse's RPCBIND Chiaki Ishikawa (Apr 13)
- <Possible follow-ups>
- Re: APC UPS PowerChute PLUS exploit... Chris Liljenstolpe - Network Engineer (Apr 12)
- Re: APC UPS PowerChute PLUS exploit... Iain P.C. Moffat (Apr 13)
- IRIX LicenseManager(1M) Vulnerabilities SGI Security Coordinator (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Rick Perry (Apr 13)
- Re: APC UPS PowerChute PLUS exploit... Pascal Gienger (Apr 14)
(Thread continues...)
- MGE UPS Systems Ryan Murray (Apr 12)