Bugtraq mailing list archives
Re: FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux
From: peak () kerberos troja mff cuni cz (Pavel Kankovsky)
Date: Thu, 30 Jul 1998 19:50:02 +0200
On Wed, 29 Jul 1998, Joe Zbiciak wrote:
> Alan Cox actually is the first person who highlighted this sort of vulnerability to me. Does anyone know if the OpenBSD approach is sufficient for avoiding these sorts of attacks (eg. feeding an suid/sgid program bogus stdin/stdout/stderr)? Also, is a similar patch
Hmm. In theory, yes. But the OpenBSD implementation seems to have a potential small hole. It should abort when it cannot fix everything but it does not. PERHAPS, a temporary resource starvation could break it.
> in the works for Linux? (I ask, because I'm a Linux user myself.)
I made such a patch for 2.0.~34. (Applying to 2.1 can't be hard.) Get http://www.tux.org/hypermail/linux-kernel/1998week28/0391.html. (Warning: there exists an older version which has a serious--and rather stupid--bug. Don't use it. Kudos to Mitch Blank for discovering it.) You need to have Solar Designer's secure-linux patch installed or do some manual tweaking to use it.
> And, is there any overwhelming reason why you wouldn't make the same guarantee that fd's 0..2 are open for all processes, rather than just suid/sgid processes?
It would confuse some programs and probably violate standards.

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"You can't be truly paranoid unless you're sure they have already got you."
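A user-space counterpart to the kernel-side guarantee discussed in this message, as an added example that is not part of the original post or of either patch: a set-id program checks fds 0..2 at startup, points any closed one at /dev/null, and exits if it cannot repair all three, which is the fail-closed behaviour the reply asks for. The function name `ensure_std_fds` is hypothetical, and opening /dev/null read-write is an assumption of this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Hypothetical helper: make sure descriptors 0..2 are open before the
 * program opens anything else. Returns 0 if all three are open on
 * return, -1 if any of them could not be repaired.
 */
int ensure_std_fds(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1)
            continue;           /* already open: leave it untouched */
        if (errno != EBADF)
            return -1;          /* unexpected error: do not guess */

        /* Descriptors below fd are known to be open, so the
         * lowest-free-descriptor rule makes open() return fd itself. */
        int nfd = open("/dev/null", O_RDWR);
        if (nfd == -1)
            return -1;          /* e.g. EMFILE/ENFILE under resource starvation */
        if (nfd != fd) {        /* not the slot we meant to fill */
            close(nfd);
            return -1;
        }
    }
    return 0;
}

int main(void)
{
    /* Fail closed. Use _exit() without a message: stderr may be the
     * very descriptor that is missing, so nothing can be printed safely. */
    if (ensure_std_fds() != 0)
        _exit(127);

    /* From here on, any file the program opens gets a descriptor >= 3,
     * so writes to stdout/stderr cannot land in it. */
    return 0;
}
```
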