Date:      Sun, 9 Sep 2001 05:44:58 +0400
From:      "Andrey A. Chernov" <ache@nagual.pp.ru>
To:        "Todd C. Miller" <Todd.Miller@courtesan.com>
Cc:        Kris Kennaway <kris@obsecurity.org>, Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG, audit@FreeBSD.ORG
Subject:   Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Message-ID:  <20010909054457.A34319@nagual.pp.ru>
In-Reply-To: <200109090120.f891KvM14677@xerxes.courtesan.com>
References:  <5.1.0.14.0.20010908153417.0286b4b8@192.168.0.12> <200109082103.f88L3fK29117@earth.backplane.com> <20010908154617.A73143@xor.obsecurity.org> <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com>

On Sat, Sep 08, 2001 at 19:20:56 -0600, Todd C. Miller wrote:
> In message <20010908180848.A94567@xor.obsecurity.org>
> 	so spake Kris Kennaway (kris):
> 
> > The vulnerability involves uucp being made to run arbitrary commands
> > as the uucp user through specifying a custom configuration file - see
> > bugtraq.  There may be other problems resulting from user-specified
> > configuration files.  I don't have time to go through the code and fix
> > up the revocation of privileges right now..in the meantime, this
> > prevents the root exploit where a user replaces a uucp-owned binary
> > like uustat, which is called daily by /etc/periodic.
> 
> Is there really any reason to run uustat as root?  Why not just run
> it as user uucp via su?  For that matter, running non-root owned
> executables from daily seems like a really bad idea.

I agree. There is no need to deal with privilege revocation at all if
the "uucp" user itself is well restricted; just protect system "uucp"-owned
binaries from overwriting by the "uucp" user using the schg flag.

-- 
Andrey A. Chernov
http://ache.pp.ru/
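The two hardening measures discussed in this thread, written out as an added example (this is not code from the thread, from FreeBSD's periodic scripts, or from Taylor UUCP). It audits a directory for executables not owned by the expected user, which is the condition behind Todd's remark about running non-root-owned binaries from the daily job, and shows the su(1) invocation and chflags(1) command the thread proposes. The paths, the "uucp" account and the `su -m` form are assumptions based on FreeBSD defaults; the audit functions use only POSIX find(1) predicates so they run on FreeBSD and Linux alike.

```sh
#!/bin/sh
# Added example, not part of the original message.

# Print every regular file with the owner-execute bit set under $1
# whose owner is not $2. This is the check a periodic(8) script should
# pass before root is allowed to exec anything out of that tree:
# a uucp-owned uustat run by root is exactly the case the thread is about.
find_foreign_exec() {
    dir=$1
    owner=$2
    find "$dir" -type f -perm -100 ! -user "$owner" | sort
}

# Number of such files; 0 means nothing in the tree can be swapped out
# by a non-root account and then executed with root's privileges.
count_foreign_exec() {
    find_foreign_exec "$1" "$2" | wc -l | tr -d ' '
}

# Todd's suggestion: instead of letting root exec the uucp-owned binary,
# drop to the uucp user first. On FreeBSD, su -m keeps the caller's
# environment and -c passes a command. Path to uustat and the -a flag
# are assumptions. Not run by the tests (requires root).
run_uustat_as_uucp() {
    su -m uucp -c '/usr/bin/uustat -a'
}

# Andrey's suggestion: mark the uucp-owned system binaries immutable so
# the uucp account cannot replace them. Emits the commands rather than
# running them, since chflags schg needs root (and securelevel <= 0 to
# clear the flag again). Verify afterwards with: ls -lo /usr/bin/uustat
schg_commands() {
    for f in "$@"; do
        printf 'chflags schg %s\n' "$f"
    done
}
```

Usage: `count_foreign_exec /usr/bin root` as a pre-flight check in the daily script, and `schg_commands /usr/bin/uustat /usr/bin/uucp | sh` once, as root, to apply the immutable flag.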

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010909054457.A34319>