Date: Sat, 8 Sep 2001 17:02:57 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG
Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Message-ID: <20010908170257.A82082@xor.obsecurity.org>
In-Reply-To: <20010908154617.A73143@xor.obsecurity.org>; from kris@obsecurity.org on Sat, Sep 08, 2001 at 03:46:17PM -0700
References: <5.1.0.14.0.20010908153417.0286b4b8@192.168.0.12> <200109082103.f88L3fK29117@earth.backplane.com> <20010908154617.A73143@xor.obsecurity.org>

On Sat, Sep 08, 2001 at 03:46:17PM -0700, Kris Kennaway wrote:
> On Sat, Sep 08, 2001 at 02:03:41PM -0700, Matt Dillon wrote:
> > Jordan, I would like to commit this to -stable for the release,
> > if it isn't too late. (and -current as well). This doesn't address
> > the config file problems with uucp but it will prevent the root
> > exploit. It also prevents 'tip' from being exploited.
> >
> > -Matt
>
> [...]
>
> > +INSTALLFLAGS+= -fschg
>
> As I understand it, the only reason these things are setuid uucp is
> for the purpose of creating lockfiles. What may be a better solution
> is to change them to be setgid uucp: members with privilege of the
> group of a binary cannot replace it, and this protects NFS
> installations too. This is the approach we use for games ports which
> are probably insecure, but need extra privileges to write score/save
> files (if someone attacks the binary, they can't replace it or do
> anything else except modify score/save files).

Unfortunately, after a bit of thought I don't think you can do this: a
few things are mode 6555 and uucp:dialer, and we can't grant both
privileges any other way. If I combine the setuid uucp and setgid
dialer privileges into one group, then users in the dialer group get
permission to read and modify all UUCP spool files.

Looks like setting the schg flag is the only feasible containment
solution for now.

Kris
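
Review bot: the '+INSTALLFLAGS+= -fschg' line in the quoted patch has no comment saying why the installed file is made immutable. A short Makefile comment above it, stating that the flag stops a compromised uucp account from replacing the setuid uucp binary, would keep the setting from being dropped in a later cleanup.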
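
An added example, not part of the original message or of FreeBSD's own code: a Python audit of the reasoning in this thread, reporting which non-root principals could replace a setuid/setgid file and treating the schg flag as the containment. It assumes parent directories are writable only by root; the default scan path and the function names are illustrative.

```python
import os
import stat
import sys

# SF_IMMUTABLE is the BSD "schg" flag. A non-root owner cannot clear it,
# so a file carrying it cannot be rewritten by the account that owns it.
SCHG = stat.SF_IMMUTABLE


def replace_risk(mode, owner_uid, flags=0):
    """Return which non-root principals can replace a privileged file."""
    privileged = mode & (stat.S_ISUID | stat.S_ISGID)
    if not privileged or flags & SCHG:
        return []
    risks = []
    # The owner can always chmod the file writable and rewrite it, so a
    # setuid binary owned by a non-root uid is replaceable by that uid.
    if mode & stat.S_ISUID and owner_uid != 0:
        risks.append("owner")
    # Group members gain write access only through the group-write bit:
    # a setgid, root-owned, mode 2555 binary is not replaceable by them.
    if mode & stat.S_IWGRP:
        risks.append("group")
    if mode & stat.S_IWOTH:
        risks.append("other")
    return risks


def scan(root):
    """Walk a tree and yield (path, risks) for replaceable privileged files."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # vanished or unreadable entry
            if not stat.S_ISREG(st.st_mode):
                continue
            # st_flags exists only on BSD-derived systems; use 0 elsewhere.
            flags = getattr(st, "st_flags", 0)
            risks = replace_risk(st.st_mode, st.st_uid, flags)
            if risks:
                yield path, risks


if __name__ == "__main__":
    # Default path is an assumption for illustration.
    for path, risks in scan(sys.argv[1] if len(sys.argv) > 1 else "/usr/bin"):
        print(path, ",".join(risks))
```
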