Bugtraq mailing list archives
Re: Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
From: "Jeremy C. Reed" <reed () reedmedia net>
Date: Wed, 1 Aug 2001 13:55:39 -0700 (PDT)
On Wed, 1 Aug 2001, Olaf Bohlen wrote:
> But: no user (except root) should be able to gain access to nobody. so

As another posting indicated and what I have seen on many, many systems, webservers often run CGIs as nobody -- so, in fact, everybody is nobody. (Or in other words, it is easy for many users to gain access to nobody.)

> this is not a security hole imho.
This Slackware locatedb vulnerability is a perfect example to counter your reasoning. "No privileges" is the purpose of user nobody. I believe it is usually assumed that files shouldn't be owned by nobody. It is assumed that if your nobody-running tool is exploited that it should not be able to take advantage of anything else. If some tool running as nobody is exploited, it still should have no privileges (like write access to some other nobody-owned file).
> Also if you run Apache CGIs as user, Apache chowns to the owner of the CGI before executing it:

This depends on how it is configured. My apache configurations don't look at the owner of a CGI file and then setuid to that particular user before running it. In fact, if you use suexec, then it purposely does not run a CGI if its owner is different (because it is considered a security problem).

Jeremy C. Reed
http://www.reedmedia.net/
http://www.isp-faq.com/
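The suexec-style refusal described above, as an added example that is not code from this thread or from Apache: before handing a CGI to a target uid, stat it and refuse if the file's owner is not that uid, if it is group- or world-writable, or if it carries setuid/setgid bits. The names check_cgi_owner and demo, the temporary script, and the "wrong owner" uid (current uid + 1) are constructed for illustration; real suexec performs additional checks (directory ownership, uid/gid floors) that are omitted here.

```python
import os
import stat
import tempfile


def check_cgi_owner(path, expected_uid):
    """Return (ok, reason). Refuse to run a CGI whose ownership or mode
    would let a shared uid (e.g. nobody) tamper with what gets executed."""
    st = os.lstat(path)                      # lstat: do not follow symlinks
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    if st.st_uid != expected_uid:
        return False, f"owner uid {st.st_uid} != expected uid {expected_uid}"
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        return False, "group- or world-writable"
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        return False, "setuid/setgid bit set"
    return True, "ok"


def demo():
    """Constructed sample: a small CGI script owned by the current user,
    checked against the right uid, a wrong uid, and a world-writable mode."""
    with tempfile.NamedTemporaryFile("w", suffix=".cgi", delete=False) as f:
        f.write("#!/bin/sh\necho 'Content-type: text/plain'\necho\necho hi\n")
        path = f.name
    try:
        os.chmod(path, 0o755)
        me = os.getuid()
        results = {
            "right_owner": check_cgi_owner(path, me),
            "wrong_owner": check_cgi_owner(path, me + 1),  # constructed mismatch
        }
        os.chmod(path, 0o777)                # simulate a sloppy install
        results["world_writable"] = check_cgi_owner(path, me)
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'allow' if ok else 'refuse'} ({reason})")
```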