Date: Thu, 20 Jun 2002 09:20:06 -0700 (PDT)
From: Ceri Davies <setantae@submonkey.net>
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/39573: uid 0 check in install.sh in 4.6-disc1.iso can be circumvented
Message-ID: <200206201620.g5KGK6f16759@freefall.freebsd.org>
The following reply was made to PR bin/39573; it has been noted by GNATS.
From: Ceri Davies <setantae@submonkey.net>
To: freebsd-gnats-submit@FreeBSD.org
Cc:
Subject: Re: bin/39573: uid 0 check in install.sh in 4.6-disc1.iso can be circumvented
Date: Thu, 20 Jun 2002 17:19:18 +0100
Adding to audit trail.
I believe this PR can be closed, but I'll leave it open for someone else to
comment on.
Ceri
--
you can't see when light's so strong
you can't see when light is gone
Date: Thu, 20 Jun 2002 18:19:27 +0300
From: Vasil Dimov <vd@etrade.bg>
To: Ceri Davies <setantae@submonkey.net>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/39573: uid 0 check in install.sh in 4.6-disc1.iso can be circumvented
Message-ID: <20020620151927.GA99859@vihren.etrade.xx>
References: <200206201400.g5KE0aUC034406@www.freebsd.org> <20020620145706.GA93638@submonkey.net>
In-Reply-To: <20020620145706.GA93638@submonkey.net>
User-Agent: Mutt/1.3.99i
On Thu, Jun 20, 2002 at 03:57:06PM +0100, Ceri Davies wrote:
> On Thu, Jun 20, 2002 at 07:00:36AM -0700, Vasil Dimov wrote:
>
> > all the scripts named install.sh in the 4.6-disc1.iso
> > MD5 (4.6-disc1.iso) = 99666e6f33820af3b060734203202e35
> > use the same check to ensure the caller is uid 0:
> >
> > if [ "`id -u`" != "0" ]; then
> >     echo "Sorry, this must be done as root."
> >     exit 1
> > fi
> >
> > which can be easily passed by nonuid0 users, probably
> > causing "Permission denied" in the following commands.
> >
> > $ echo "echo 0" > ~/bin/id
> > $ chmod 700 ~/bin/id
> > $ export PATH=~/bin:$PATH
> >
> > $ ./bin/install.sh
> > You are about to extract the base distribution into / - are you SURE
> > you want to do this over your installed system (y/n)? n
>
> If you really want to go to all that trouble to circumvent the id check
> then you deserve all you get.
>
> Note that there's nothing to prevent a normal user running the "meat" of
> install.sh on their own anyway :
>
> cat bin.?? | tar --unlink -xpzf - -C ${DESTDIR:-/}
>
> but it won't get them far.
>
> In short, the id check isn't intended as a security measure, it's just a
> polite reminder that you're about to waste your time if you aren't already
> root.
>
> Ceri
>
> --
> you can't see when light's so strong
> you can't see when light is gone
>
yes, of course, this is not a security issue at all,
but more a philosophy question:
`should it be done in the more "secure" (/usr/bin/id) or portable (id) way?'
if `id' (for some reason) is not located in /usr/bin/, /usr/bin/id will not work.
=> just calling `id' is the right way.
tnx for the time wasted.
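
Added example, not part of either e-mail or of install.sh: the reply above weighs `/usr/bin/id` against plain `id`, and POSIX `command -p` is a third lookup that searches the system default PATH instead of `$PATH`, so no directory is hard-coded. The function names and the stub `id` are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from install.sh. Function names are made up for illustration.

# uid as reported by the first `id` found on the caller's PATH
# (the lookup the quoted check performs).
uid_via_path() {
    id -u
}

# uid as reported by the standard `id`: `command -p` searches the POSIX
# default PATH, so $PATH is not consulted and no directory is hard-coded.
# `command` also skips any shell function named `id`.
uid_via_default_path() {
    command -p id -u
}

# The reminder from the thread, built on the second lookup.
require_root() {
    if [ "$(uid_via_default_path)" != "0" ]; then
        echo "Sorry, this must be done as root." >&2
        return 1
    fi
}

# Constructed demonstration: place a stub `id` that prints the value in $1
# ahead of the real one (as in the quoted report), inside a subshell so the
# caller's PATH is untouched, and print "<uid via PATH> <uid via default PATH>".
demo_shadowed_id() {
    stub_dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "%s"\n' "$1" > "$stub_dir/id"
    chmod 700 "$stub_dir/id"
    (
        PATH="$stub_dir:$PATH"
        printf '%s %s\n' "$(uid_via_path)" "$(uid_via_default_path)"
    )
    rm -rf "$stub_dir"
}
```

Calling `demo_shadowed_id 0` as an ordinary user prints `0` followed by the caller's real uid, showing which lookup the stub affects.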
