Date: Sun, 11 Feb 1996 17:12:39 -0700 From: Nate Williams <nate@sri.MT.net> To: Michael Constant <mconst@csua.berkeley.edu> Cc: freebsd-security@freebsd.org Subject: Re: sliplogin hole? Message-ID: <199602120012.RAA17658@rocky.sri.MT.net> In-Reply-To: <199602112322.PAA13282@zarquon.hip.berkeley.edu> References: <199602112322.PAA13282@zarquon.hip.berkeley.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
> This applies to 2.1-RELEASE, which is what I'm running. Forgive me if > it has been fixed in -current; I haven't seen anything on freebsd-security > about it, though. > > The sliplogin(8) manpage recommends using lines of the following form > in /etc/sliphome/slip.hosts: > > Sfoo `hostname` foo netmask > > The problem with this is that the `hostname` portion is passed directly > to the shell, without any processing -- as root. This means J. Random > Slip-User can create a script called ~/bin/hostname that does whatever > he wants, and (as long as ~/bin is before /bin in his path) his script > will be run as root the next time he types "sliplogin foo". Except that the path supplied to sliplogin is the standard unix path (PATH=:/bin:/usr/bin), which doesn't use anything from the user's home directory (unless it was explicitly set in the shell script. Also, if you are concerned about security, you don't allow your slip-login users to create/modify any of their slip files, which is easy to do as long as you don't give them the same uid's for both shell login and slip login accounts and use paranoid permissions on both accounts. Nate
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199602120012.RAA17658>