From: Ceri Davies
To: freebsd-bugs@FreeBSD.org
Subject: Re: bin/39573: uid 0 check in install.sh in 4.6-disc1.iso can be circumvented
Date: Thu, 20 Jun 2002 09:20:06 -0700 (PDT)
Message-Id: <200206201620.g5KGK6f16759@freefall.freebsd.org>

The following reply was made to PR bin/39573; it has been noted by GNATS.

From: Ceri Davies
To: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/39573: uid 0 check in install.sh in 4.6-disc1.iso can be circumvented
Date: Thu, 20 Jun 2002 17:19:18 +0100

Adding to audit trail. I believe this PR can be closed, but I'll leave it
open for someone else to comment on.

Ceri

-- 
you can't see when light's so strong
you can't see when light is gone

Date: Thu, 20 Jun 2002 18:19:27 +0300
From: Vasil Dimov
To: Ceri Davies
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: bin/39573: uid 0 check in install.sh in 4.6-disc1.iso can be circumvented
Message-ID: <20020620151927.GA99859@vihren.etrade.xx>
In-Reply-To: <20020620145706.GA93638@submonkey.net>

On Thu, Jun 20, 2002 at 03:57:06PM +0100, Ceri Davies wrote:
> On Thu, Jun 20, 2002 at 07:00:36AM -0700, Vasil Dimov wrote:
> > all the scripts named install.sh in the 4.6-disc1.iso
> > MD5 (4.6-disc1.iso) = 99666e6f33820af3b060734203202e35
> > use the same check to ensure the caller is uid 0:
> >
> > if [ "`id -u`" != "0" ]; then
> >     echo "Sorry, this must be done as root."
> >     exit 1
> > fi
> >
> > which can be easily passed by nonuid0 users, probably
> > causing "Permission denied" in the following commands.
> >
> > $ echo "echo 0" > ~/bin/id
> > $ chmod 700 ~/bin/id
> > $ export PATH=~/bin:$PATH
> >
> > $ ./bin/install.sh
> > You are about to extract the base distribution into / - are you SURE
> > you want to do this over your installed system (y/n)? n
>
> If you really want to go to all that trouble to circumvent the id check
> then you deserve all you get.
>
> Note that there's nothing to prevent a normal user running the "meat" of
> install.sh on their own anyway :
>
> cat bin.?? | tar --unlink -xpzf - -C ${DESTDIR:-/}
>
> but it won't get them far.
>
> In short, the id check isn't intended as a security measure, it's just a
> polite reminder that you're about to waste your time if you aren't already
> root.
>
> Ceri
>
> --
> you can't see when light's so strong
> you can't see when light is gone

yes, of course, this is not a security issue at all, but more a philosophy
question: `should it be done in the more "secure" (/usr/bin/id) or
portable (id) way?'

if `id' (for some reason) is not located in /usr/bin/, /usr/bin/id will
not work.

=> just calling `id' is the right way.

tnx for the time wasted.
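A variant of the check that does not trust the caller's PATH, added here as an illustration (it is not code from install.sh or from the PR), assuming a POSIX sh and that id lives in /usr/bin or /bin: it pins PATH for the lookup, rejects non-numeric output, and, since the thread's point is that uid 0 is only a proxy for being able to write DESTDIR, probes that directly as well; a demo function reproduces the PR's ~/bin/id shadow against both the original and the hardened check.

```shell
#!/bin/sh
# Added example, not code from install.sh or from the PR. Assumes a POSIX sh
# and that 'id' lives in /usr/bin or /bin (true on FreeBSD and most Unix).

# Look up 'id' through a fixed PATH inside the command substitution's own
# subshell, so neither the caller's PATH nor a ~/bin/id shadow is consulted.
# Prints the uid, or fails if the output is empty or not a plain integer.
trusted_uid() {
    uid=$(PATH=/usr/bin:/bin; export PATH; id -u 2>/dev/null) || return 1
    case "$uid" in
        ''|*[!0-9]*) return 1 ;;    # reject empty or non-numeric output
    esac
    printf '%s\n' "$uid"
}

# The check as it appears in install.sh: 'id' resolves via the caller's PATH.
naive_is_root() {
    [ "`id -u`" = "0" ]
}

# Hardened variant: trusted lookup, plus a probe of what the installer really
# needs (write access to DESTDIR), since uid 0 is only a proxy for that.
hardened_is_root() {
    uid=$(trusted_uid) || return 1
    [ "$uid" = "0" ] && [ -w "${DESTDIR:-/}" ]
}

# Reproduce the PR's scenario in a temp dir: a fake 'id' that always prints 0,
# placed ahead of the real one in PATH. Each check runs in its own subshell so
# the modified PATH does not leak into the caller.
demo_shadowed_id() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/idcheck.XXXXXX") || return 1
    printf '#!/bin/sh\necho 0\n' > "$dir/id"
    chmod 700 "$dir/id"
    naive=$( (PATH="$dir:$PATH"; export PATH; naive_is_root) && echo yes || echo no)
    hard=$( (PATH="$dir:$PATH"; export PATH; hardened_is_root) && echo yes || echo no)
    rm -rf "$dir"
    echo "naive=$naive hardened=$hard"
}

demo_shadowed_id
```

Run as a non-root user the demo prints "naive=yes hardened=no": the shadowed id fools the original check but not the pinned-PATH one.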