From: Kris Kennaway
To: Alex Charalabidis
Cc: Thakingfish, freebsd-questions@FreeBSD.ORG
Date: Sun, 21 Jan 2001 02:24:26 -0800
Subject: Re: dnetc in FBSD

On Sun, Jan 21, 2001 at 03:31:26AM -0600, Alex Charalabidis wrote:
> On Sun, 21 Jan 2001, Thakingfish wrote:
>
> > Hi,
> > what's this all about?
> >
> > Revision 1.20 / (download) - annotate - [select for diffs], Sun Jan 21
> > 00:48:20 2001 UTC (7 hours, 49 minutes ago) by kris
> > Branch: MAIN
> > CVS Tags: HEAD
> > Changes since 1.19: +2 -1 lines
> > Diff to previous 1.19 (colored)
> > Mark FORBIDDEN; local buffer overflows yielding user nobody.
> >
> Looking at the Makefile, it appears that dbaker himself marked
> it. Straight from the horse's mouth, though the horse doesn't seem to have
> told anyone anything so far... I'm sure it'll get its fair share of
> publicity soon enough.

No, it was me ("kris" :-).

It means what it says; the dnetc client is installed setuid nobody, and I discovered that it has locally exploitable buffer overflows which can be used to gain the privileges of that user. On many systems the nobody user actually has ownership of some files, etc., and may even be used to run services (the apache ports are a prime offender here), so this is a potential security risk on those systems.

Kris

--
NOTE: To fetch an updated copy of my GPG key which has not expired, finger kris@FreeBSD.org
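The exposure described in the message above (setuid-nobody executables, files owned by nobody, services running as nobody) can be inventoried on a host. The following script is an added example, not part of the original message; the function names, the scan-root argument and the default account name are assumptions of this example.

```shell
#!/bin/sh
# Added example: inventory what the compromise of one unprivileged account
# (default "nobody", the account named in the message) would expose.
# Function names and arguments are assumptions of this example.

# Setuid executables owned by the account: a memory-safety flaw in any of
# them hands that account's privileges to every local user.
setuid_owned_by() {   # usage: setuid_owned_by ROOT ACCOUNT
    find "$1" -xdev -type f -user "$2" -perm -4000 2>/dev/null
}

# Files and directories the account owns: the owner can always change their
# mode, so all of them are modifiable once the account is taken over.
owned_by() {          # usage: owned_by ROOT ACCOUNT
    find "$1" -xdev \( -type f -o -type d \) -user "$2" 2>/dev/null
}

# Processes running as the account: services that share the account also
# share the consequences of its compromise.
procs_of() {          # usage: procs_of ACCOUNT
    ps -U "$1" -o pid= -o comm= 2>/dev/null
}

report() {            # usage: report ROOT [ACCOUNT]
    root=$1
    acct=${2:-nobody}
    echo "== setuid executables owned by $acct under $root"
    setuid_owned_by "$root" "$acct"
    echo "== files and directories owned by $acct under $root"
    owned_by "$root" "$acct"
    echo "== processes running as $acct"
    procs_of "$acct" || true   # ps exits non-zero when nothing matches
}

# Runs only when a scan root is given, e.g.:  sh audit.sh /usr/local nobody
if [ "$#" -ge 1 ]; then
    report "$@"
fi
```

An empty report for all three sections means the account is isolated in the way its name suggests; any hit is something a successful attack on a setuid-nobody program would also reach.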