Bugtraq mailing list archives
Re: Cobalt RaQ 3 security hole?
From: "Edward S. Marshall" <emarshal () LOGIC NET>
Date: Sun, 23 Jul 2000 23:05:50 -0500
On Fri, 21 Jul 2000, Peter W wrote:
> You think having SUID binaries lying around on the filesystem is a better idea? Runnable by --you said it-- 'nobody'?[0] Maybe even run by random other local users?
That particular trust issue is a solvable problem, especially in this case. Imagine a wrapper script for Apache which generates a random cookie and writes it to a file readable only by root (and then executes Apache with reduced privilege, perhaps passing in file descriptors for the ports it needs while doing so, à la INN's "startinnd"). Then imagine a setuid helper application (say, a modified suexec) whose sole purpose in life is to read that cookie file, receive the cookie via some form of IPC from Apache, compare the two, and allow execution of one application within a specific set of permitted programs if the cookie matches.

(No, this isn't a new idea; I believe the RTR Frontpage extensions do something like this, if memory serves, although they do it within Apache, instead of using a wrapper.)

--
Edward S. Marshall <emarshal () logic net>
http://www.nyx.net/~emarshal/
-------------------------------------------------------------------------------
[ Felix qui potuit rerum cognoscere causas. ]
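The cookie check described in the message above, sketched in C as an added example; it is not part of the original post and is not code from Apache, suexec or any product named in the thread. Assumptions: the function names, the allow-list entry and the demo path are hypothetical, the `presented` buffer stands in for the cookie the helper would receive from Apache over IPC, and the final exec of the permitted program is left out.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define COOKIE_LEN 32
static const char *const permitted[] = { "/usr/local/sbin/site-helper", NULL }; /* hypothetical */

/* Wrapper side, run as root before Apache is started: create the cookie file. */
int write_cookie(const char *path, unsigned char *cookie) {
    int rnd = open("/dev/urandom", O_RDONLY);
    ssize_t got = rnd < 0 ? -1 : read(rnd, cookie, COOKIE_LEN);
    if (rnd >= 0) close(rnd);
    if (got != COOKIE_LEN) return -1;
    unlink(path); /* drop a stale cookie left by an earlier start */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t put = write(fd, cookie, COOKIE_LEN);
    return (close(fd) == 0 && put == COOKIE_LEN) ? 0 : -1;
}

/* Helper side (setuid): 1 only for a matching cookie and a listed program. */
int authorize(const char *path, const unsigned char *presented, const char *prog) {
    unsigned char stored[COOKIE_LEN], diff = 0;
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return 0;
    /* Under setuid root geteuid() is 0, so this demands a root-owned 0600 file. */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == geteuid()
             && (st.st_mode & 077) == 0 && read(fd, stored, COOKIE_LEN) == COOKIE_LEN;
    close(fd);
    if (!ok) return 0;
    for (size_t i = 0; i < COOKIE_LEN; i++) diff |= stored[i] ^ presented[i];
    if (diff != 0) return 0; /* compared without an early exit */
    for (size_t i = 0; permitted[i] != NULL; i++)
        if (strcmp(prog, permitted[i]) == 0) return 1;
    return 0;
}

/* Constructed run: 1 if only the right cookie plus a listed program passes. */
int demo(const char *path) {
    unsigned char c[COOKIE_LEN], bad[COOKIE_LEN];
    if (write_cookie(path, c) != 0) return -1;
    memcpy(bad, c, COOKIE_LEN); bad[0] ^= 1; /* altered copy of the cookie */
    int r = authorize(path, c, permitted[0]) && !authorize(path, bad, permitted[0])
            && !authorize(path, c, "/bin/sh");
    unlink(path);
    return r;
}
int main(void) { return demo("/tmp/cookie-demo.bin") == 1 ? 0 : 1; }
```

In a deployment along the lines of the message, the cookie file would sit in a root-only directory rather than `/tmp`, and the helper would drop to the target user before running the permitted program.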