[luga] [nmg@pc27.mdmt.tuwien.ac.at: [lll]: [Debian 2.0] /usr/bin/suidexec gives root access (fwd)]

I hope this really is of interest to all Debian 2.0 users, so I am forwarding
it. I removed the Bugtraq headers, but that is where it comes from.

Best regards - Michl

-----Forwarded message from Nicholas Mc Guire <nmg@pc27.mdmt.tuwien.ac.at>-----
should be of interest to all Debian 2.0 users....


----- Forwarded message from Thomas Roessler -----
Executive summary: /usr/bin/suidexec gives every user a
root shell.  Remove it.

----- Forwarded message from Thomas Roessler <roessler@guug.de> -----

Date: Tue, 28 Apr 1998 15:21:17 +0200
From: Thomas Roessler <roessler@guug.de>
Subject: suidmanager: SECURITY BREACH: /usr/bin/suidexec gives root access to every user on the system
To: submit@bugs.debian.org

Package: suidmanager
Version: 0.18

[This report also goes to the bugtraq mailing list.]

/usr/bin/suidexec will execute arbitrary commands as root,
as soon as just _one_ suid root shell script can be found
on the system: Just invoke

         /usr/bin/suidexec <your program> /path/to/script

- it will happily execute your program with euid = 0. This
is completely sufficient for doing arbitrary damage on the

Additionally, suidexec will fail with shells which close
all but the "standard" file descriptors on startup:
/proc/self/fd/<N> (which is the file descriptor suidexec
has opened for the shell script in question) will have
vanished after this.  I am actually considering this a
feature, as it avoids some of the $HOME/.cshrc related
standard exploits.

SOLUTION: Just drop suidexec from the distribution. Trying
to do setuid shell scripts is almost always a bad idea. If
you absolutely need such things, use sudo.

-- System Information
Debian Release: 2.0 (frozen)
Kernel Version: Linux sobolev 2.0.33 #16 Sun Apr 19 23:48:02 MEST 1998 i586 unknown

Versions of the packages suidmanager depends on:
libc6   Version: 2.0.7pre1-4

----- End forwarded message -----

-----End of forwarded message-----
			  Michael P. Demelbauer
	   WSR (Wirtschafts- und Sozialwissenschaftliches Rechenzentrum)
			  LUGA (Linux User Group Austria)
          Don't mind your make-up, you'd better make your mind up.
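
An audit for the precondition the report names (a setuid root script) and for the suidexec binary itself, as an added example that is not part of the forwarded messages. The function names are made up for this sketch, and it assumes it runs as root so that every file can be read.

```python
import os
import stat

SUIDEXEC = "/usr/bin/suidexec"  # path as given in the report


def is_setuid_script(path, owner_uid=0):
    """True if path is a regular setuid file owned by owner_uid starting with '#!'."""
    try:
        st = os.lstat(path)  # lstat: do not follow symlinks
        if not stat.S_ISREG(st.st_mode):
            return False
        if not st.st_mode & stat.S_ISUID or st.st_uid != owner_uid:
            return False
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False  # vanished or unreadable; run as root to avoid misses


def find_setuid_scripts(root="/", owner_uid=0):
    """Walk root without following symlinked directories; return sorted hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            candidate = os.path.join(dirpath, name)
            if is_setuid_script(candidate, owner_uid):
                hits.append(candidate)
    return sorted(hits)


def suidexec_present(path=SUIDEXEC):
    """True if the helper exists as a regular file with the setuid bit set."""
    try:
        st = os.lstat(path)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & stat.S_ISUID)


if __name__ == "__main__":
    if suidexec_present():
        print(f"{SUIDEXEC} is installed setuid; the report's advice is to remove it")
    for script in find_setuid_scripts("/"):
        print(f"setuid root script: {script}")
```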
