Re: [lids] bug

[Georg Zoeller <zoeller () MEFFERT DE>]

/lidadm -S -- -LIDS  seems to contain this bug too, in a way:
---------------
(user2 is a standard non root user!)

login....
....................................................................
bash$ joe /etc/passwd
(file is shown as readonly, cannot be modified)
bash$ su
Password:
[root@penguin user]# /sbin/lidsadm -S -- -LIDS
SWITCH
enter password:
[root@penguin user]#su user2
bash$ joe /etc/passwd
(file is not read-only, can be modfied)
bash$ joe /etc/fstab
(file is not read only, can be modified)
bash$ ls -l /etc/fstab
-rw-r--r--    1 root     root          684 Jul 24 16:28 /etc/fstab
bash$ exit
[root@penguin user]#exit
bash$ joe /etc/passwd
(file is shown as readonly, cannot be modified)
......................................................................

Seems to me that the -LIDS shell does not drop the root privileges when
switching to non-root accounts.

regards

georg






----- Original Message -----
From: "Kevin H Kamel" <kamelkev () glue umd edu>
To: <lids () egroups com>
Sent: Friday, August 04, 2000 4:27 PM
Subject: Re: [lids] bug


> Ive never issued -LIDS_GLOBAL either. I usually just do -LIDS... does
> -LIDS do this same thing? I thought that -LIDS would only allow that
> particular session to be running as UID=0, but you need to be root to turn
> it off anyway, so that doesnt really matter...
>
> why would you run this -LIDS_GLOBAL? From the security standpoint maybe
> that shouldnt exist at all?
>
> -Kevin
>
>
> On Fri, 4 Aug 2000, Georg Zoeller wrote:
>
> > ... granted, it is very seldom that I boot with /security=0 (and if I do
> > i'll disconnect from the net),
> > but from time to time you'll need to issue a -LIDS_GLOBAL to test some
> > things and then it
> > really gets ugly. What is severe if not having all users running as kind
of
> > uid=0 on your system?
> >
> > regards
> > georg
> >
> > ----- Original Message -----
> > From: "Kevin Kamel" <kamelkev () glue umd edu>
> > To: <lids () egroups com>
> > Sent: Friday, August 04, 2000 4:07 PM
> > Subject: [lids] bug
> >
> >
> > > You know the bug is a problem, but I wouldn't exactly quantify it as
> > > "severe". If your system is set up properly you would need to pass the
> > > security=0 from console to get the bug to happen. How often do you
> > actually
> > > do this? I have *never* had to boot the kernel with security=0, I
thought
> > > that was just in emergency cases when your really screwed up your
> > > configuration. So if you have the "buggy" version right now, just make
> > sure
> > > you disconnect from the net if your going to do security=0, short of
that
> > > you should be ok...
> > >
> > > -Kevin Kamel
>
>
> --------------------------------------------------------------------<e|-
> Download iPlanet Web Server, FastTrack Edition 4.1 for FREE,
> and start publishing dynamic web pages today!
> http://click.egroups.com/1/7540/13/_/18396/_/965399265/
> --------------------------------------------------------------------|e>-