Date:      Wed, 4 Oct 2000 17:37:36 +0700 (NSS)
From:      Max Khon <fjoe@iclub.nsu.ru>
To:        Dima Dorfman <dima@unixfreak.org>
Cc:        "Andrey V. Sokolov" <abc@nns.ru>, Kris Kennaway <kris@FreeBSD.org>, Alfred Perlstein <bright@wintelcom.net>, Mike Silbersack <silby@silby.com>, security@FreeBSD.org
Subject:   Re: BSD chpass (fwd)
Message-ID:  <Pine.BSF.4.21.0010041736290.90007-100000@iclub.nsu.ru>
In-Reply-To: <20001004102239.780551F0D@static.unixfreak.org>

hi, there!

On Wed, 4 Oct 2000, Dima Dorfman wrote:

> > Do not forget! chpass, chfn, chsh, ypchpass, ypchfn, ypchsh are hard
> > links! This exploit will work with any command from this set, if
> > a little modification of the exploit's code is done.
> 
> And since they're hard links, when you [un]set the modes for one, the
> others get it too.  In other words, unless you go out of your way to
> keep chfn/chsh/etc. setuid to root, chmod 555 `which chpass` is
> sufficient.

btw here is another post to bugtraq (from our security officer)

--- cut here ---
From imp@VILLAGE.ORG Wed Oct  4 17:35:53 2000
Date: Tue, 3 Oct 2000 23:17:48 -0600
From: Warner Losh <imp@VILLAGE.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: BSD chpass

In message <20001004024548.A516@dissension.net> caddis writes:
:     { "FreeBSD 4.0-RELEASE    ", 167,  0x805023c, 0xbfbffc68, bsd_shellcode  },

Just FYI, 4.1-RELEASE and newer aren't vulnerable.  This problem was
fixed by us in our sweep of the tree in search of the format bugs that
came to light in late June.

Warner Losh
FreeBSD Security Officer
--- cut here ---

/fjoe
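
The point made in the quoted reply, that a chmod on one hard link changes the mode of every name on that inode, as an added shell example that is not part of the thread. The function names `audit_links` and `demo`, the temporary directory, and the separate `ypchpass` copy (standing in for a name that was deliberately split off and kept setuid) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Everything runs in a
# constructed temp directory; no system binaries are touched.

# audit_links REF NAME...
# For each NAME print: name <TAB> same-inode|separate-file <TAB> setuid|not-setuid
# Returns 1 if any NAME still carries the setuid bit, 0 otherwise.
audit_links() {
    ref=$1; shift
    found=0
    for p in "$@"; do
        # -ef is true when both paths refer to the same device and inode.
        if [ "$p" -ef "$ref" ]; then link=same-inode; else link=separate-file; fi
        if [ -u "$p" ]; then mode=setuid; found=1; else mode=not-setuid; fi
        printf '%s\t%s\t%s\n' "${p##*/}" "$link" "$mode"
    done
    return "$found"
}

# demo: chfn and chsh are hard links to chpass; ypchpass is a separate copy
# (constructed case: someone "went out of their way" to keep it setuid).
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/chpass"
    ln "$d/chpass" "$d/chfn"
    ln "$d/chpass" "$d/chsh"
    cp "$d/chpass" "$d/ypchpass"
    chmod 4555 "$d/chpass" "$d/ypchpass"   # both inodes start out setuid
    chmod 555 "$d/chpass"                  # the mitigation from the thread
    status=0
    audit_links "$d/chpass" "$d/chpass" "$d/chfn" "$d/chsh" "$d/ypchpass" \
        || status=$?
    rm -rf "$d"
    return "$status"
}
```

Calling `demo` shows `chfn` and `chsh` losing the setuid bit together with `chpass`, while the separate copy keeps it and makes the audit return non-zero.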


