Bugtraq mailing list archives

Re: majordomo local exploit

From: chris () WESTNET COM (Christopher X. Candreva)
Date: Wed, 29 Dec 1999 09:52:33 -0500


On Tue, 28 Dec 1999, Brock Tellier wrote:

but wrapper immediatly setuid()'s and setgid()'s to owner:daemon before
execing the wrapped program.


Bugs in resend aside, this appears to be an incorrect configuration of
wrapper.  majordomo should have it's own group as well as user, and it
should change to that group, not daemon. This is according to Doc/FAQ in the
Majordomo 1.94.4 distribution.

The whole point of the wrapper and unique uid/gid is to limit the effect of
such bugs.

-Chris

==========================================================
Chris Candreva  -- chris () westnet com -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/

Current thread:

bna,sh, (continued)
- - - bna,sh Loneguard (Dec 30)
    - Re: majordomo local exploit Andrew Brown (Dec 30)
    - Re: majordomo local exploit Henrik Nordstrom (Dec 30)
    - Fix for HP-UX automountd/autofs exploit (fwd) Doug Siebert (Dec 30)
    - Re: Fix for HP-UX automountd/autofs exploit (fwd) LaMont Jones (Dec 31)
    - vibackup.sh Loneguard (Dec 31)
    - More info on MS99-061 (IIS escape character vulnerability) .rain.forest.puppy. (Dec 29)
    - Follow UP AltaVista rudi carell (Dec 30)
    - Re: majordomo local exploit Brock Sides (Dec 29)
  - CERT Advisory CA-99-17 Denial-of-Service Tools Aleph One (Dec 29)
  - Re: majordomo local exploit Christopher X. Candreva (Dec 29)
  - The "Mac DoS Attack," a Scheme for Blocking Internet Connections John Copeland (Dec 29)
    - Re: The "Mac DoS Attack," a Scheme for Blocking Internet Connections Alan Cox (Dec 29)
  - Re: majordomo local exploit Olaf Kirch (Dec 29)
  - Re: majordomo local exploit Spidey (Dec 29)
  - Fwd: Sun Security Bulletin #00192 Bryan Blackburn (Dec 29)