From owner-freebsd-questions Sun Jan 21 2:36: 9 2001 Delivered-To: freebsd-questions@freebsd.org Received: from earth.wnm.net (earth.wnm.net [208.246.240.243]) by hub.freebsd.org (Postfix) with ESMTP id 164D737B401; Sun, 21 Jan 2001 02:35:52 -0800 (PST) Received: (from root@localhost) by earth.wnm.net (8.11.0/8.11.0) id f0LAa1n92153; Sun, 21 Jan 2001 04:36:01 -0600 (CST) Received: from localhost (alex@localhost) by earth.wnm.net (8.11.0/8.11.0av) with ESMTP id f0LAa0O92145; Sun, 21 Jan 2001 04:36:00 -0600 (CST) X-Authentication-Warning: earth.wnm.net: alex owned process doing -bs Date: Sun, 21 Jan 2001 04:36:00 -0600 (CST) From: Alex Charalabidis To: Kris Kennaway Cc: Thakingfish , freebsd-questions@freebsd.org Subject: Re: dnetc in FBSD In-Reply-To: <20010121022426.C63217@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sun, 21 Jan 2001, Kris Kennaway wrote: > On Sun, Jan 21, 2001 at 03:31:26AM -0600, Alex Charalabidis wrote: > > On Sun, 21 Jan 2001, Thakingfish wrote: > > > > > Revision 1.20 / (download) - annotate - [select for diffs], Sun Jan 21 > > > 00:48:20 2001 UTC (7 hours, 49 minutes ago) by kris > > > Branch: MAIN > > > CVS Tags: HEAD > > > Changes since 1.19: +2 -1 lines > > > Diff to previous 1.19 (colored) > > > Mark FORBIDDEN; local buffer overflows yielding user nobody. > > > > > Looking at the Makefile, it appears that dbaker himself marked > > it. Straight from the horse's mouth, though the horse doesn't seem to have > > told anyone anything so far... I'm sure it'll get its fair share of > > publicity soon enough. > > No, it was me ("kris" :-). It means what it says; the dnetc client is > installed setuid nobody, and I discovered that it has locally > exploitable buffer overflows which can be used to gain the privileges > of that user. On many systems the nobody user actually has ownership > of some files, etc, and may even be used to run services (the apache > ports are a prime offender here), so this is a potential security risk > on those systems. > Oops, misread it. So it was the horse, not the cow. :) We'll be expecting an advisory whenever they fix it. Moo. Sure, it's a problem for everyone who runs so much stuff as nobody that they might as well run it as root. I think I'll just assign it its own user. Not that I care more than anyone else to litter the world with separate users for every trivial task, but is it worth doing by default for this particular package? -ac -- ============================================================== Alex Charalabidis (AC8139) 5050 Poplar Ave, Ste 170 System Administrator Memphis, TN 38157 WebNet Memphis (901) 432 6000 Author, The Book of IRC http://www.bookofirc.com/ ============================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message