Vulnerability Development mailing list archives
crontab and sgid (was: nonsuid overflows... still at risk?)
From: Tomasz Grabowski <cadence () apollo aci com pl>
Date: Thu, 7 Jun 2001 15:43:19 +0200 (CEST)
On Wed, 6 Jun 2001, Michal Zalewski wrote:
On Wed, 6 Jun 2001, KF wrote:exactly what I was thinking... crontab -e calls vi to open the users crontab... this is why I was wondering if it could be exploited due to the fact that crontab is suid.Not really. As long as crontab itself is not broken, it should invoke vi without additional priviledges.
While there is discussion about crontab... 'crontab' should only be suid and *no* sgid I know that, but I think it should be common practice that if You are using suids in Your software You should check both euid and egid. Just in case someone screwed something up. I saw this situation few times on Unix systems - 'crontab' was suid and sgid to root. In this situation You can use $EDITOR to execute something with euid=root. I don't know why there was sgid. Maybe the reason was one of the following: - broken RPM - bad practice:if You want to remove suid bit You simply type 'chmod a-s', but after that if You want to set that bit back You can sometimes do 'chmod a+s' instead of 'chmod u+s'. - some kind of backdoor - something wrong with the distributon itself I'am wondering if someone too saw sgid bit on the 'crontab' binary and can tell us what is the reason of that situation? --- Tomasz Grabowski (0-91)4333950 Akademickie Centrum Informatyki mailto:cadence () man szczecin pl
Current thread:
- Re: TCSH problems?, (continued)
- Re: TCSH problems? Andreas Forsgren (Jun 06)
- Re: TCSH problems? Branko Ivanovic (Jun 06)
- Re: TCSH problems? Lee Smith (Jun 06)
- Re: TCSH problems? sean (Jun 07)
- Re: TCSH problems? poke (Jun 07)
- Re: nonsuid overflows... still at risk? Andrew R. Reiter (Jun 06)
- Re: nonsuid overflows... still at risk? Michal Zalewski (Jun 06)
- Re: nonsuid overflows... still at risk? KF (Jun 06)
- Re: nonsuid overflows... still at risk? Michal Zalewski (Jun 06)
- Re: nonsuid overflows... still at risk? KF (Jun 06)
- crontab and sgid (was: nonsuid overflows... still at risk?) Tomasz Grabowski (Jun 07)
- Re: crontab and sgid (was: nonsuid overflows... still at risk?) Olaf Kirch (Jun 08)
- Re: crontab and sgid (was: nonsuid overflows... still at risk?) Rafal Wojtczuk (Jun 09)
- Re: nonsuid overflows... still at risk? KF (Jun 06)