Bugtraq mailing list archives
Re: BUG? Non-root user can configure traffic shaper (2.2.13) (fwd)
From: yuri () CS LIGA KIEV UA (Yuri Kuzmenko)
Date: Mon, 27 Dec 1999 21:31:15 +0200
Hi! Non-root users can change the SPEED of shaped interface. I.e., usual user can run "shapecfg speed shaper0 XXX" with success result. In my case non-root user increases speed of shaped interface to my proxy server. Yep, NO ANY suid's on `which shapecfg`. It's has 0755 permission. All if this means that traffic shaper in insecure because can be configured by any user with shell account. Second bug is this: Documentation/networking/shaper.txt: o The shaper must be a module But traffic shaper in "make menuconfig" can be compiled into kernel. So, shaper which compiled into kernel simple not work. Next, I have compiled shaper module "on fly" and insmod it (shaper compiled into kernel at this moment). Then I configure shaped interface and kernel failed in "swapper" process after first use of this interface (simple ping). Maybe second bug is not a shaper issue, but "make menuconfig" should be fixed. // Yuri Kuzmenko, system administrator // LIGA ONLINE - http://www.liga.kiev.ua On Mon, 27 Dec 1999, Noam Rathaus wrote:
Hi, Can you explain better this vulnerability? You are very vague (unclear) on what this security vulnerability consists of? What do you mean a non-root user can configure traffic shaper? How is this done? What does the 'make menuconfig' has to do with it? What do you mean by: "So, result is kernel trap when first use of shaped interface."? Thanks for the additional information. Noam Rathaus http://www.SecuriTeam.com ----- Original Message ----- From: Yuri Kuzmenko <yuri () CS LIGA KIEV UA> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: Friday, December 24, 1999 11:33 AM Subject: BUG? Non-root user can configure traffic shaper (2.2.13) (fwd)// Yuri Kuzmenko, system administrator // LIGA ONLINE - http://www.liga.kiev.ua ---------- Forwarded message ---------- Date: Thu, 23 Dec 1999 19:49:11 +0200 (EET) From: Yuri Kuzmenko <yuri () cs liga kiev ua> To: linux-kernel () vger rutgers edu Subject: BUG? Non-root user can configure traffic shaper (2.2.13) Hi! Standard traffic shaper in 2.2.13 kernel is a very simple and cool thing. But speed of shapered device successfully configured by non-root user. This is very bad... Also, traffic shaper works correctly only when it's compiled as a module. But I can select in "make menuconfig" to compile shaper into kernel (2.2.13). So, result is kernel trap when first use of shaped interface. // Yuri Kuzmenko, system administrator // LIGA ONLINE - http://www.liga.kiev.ua
Current thread:
- Re: BUG? Non-root user can configure traffic shaper (2.2.13) (fwd) Yuri Kuzmenko (Dec 27)
- Re: BUG? Non-root user can configure traffic shaper (2.2.13) (fwd) Alan Cox (Dec 27)
- IBM NetStation/UnixWare local root exploit Brock Tellier (Dec 27)