Date: Mon, 11 Apr 2005 14:45:31 +0100 (BST)
From: Jan Grant
To: freebsd-security@freebsd.org
Subject: /etc/rc.bsdextended: am I misunderstanding this..?

Can someone clear something up for me?

[[[
# For apache to read user files, the ruleadd must give
# it permissions by default.
####
${CMD} add subject uid 80 object not uid 80 mode rxws;
${CMD} add subject gid 80 object not gid 80 mode rxws;
]]]

Doesn't the above mean that an apache user (eg, user-supplied CGI
process, PHP script, etc) has the ability to read (and write!) anything
in the filesystem?

Similarly: mailnull, majordomo, bin, etc, appear to get "elevated"
privileges via this file and mac_bsdextended.

[[[
####
# For cyrus:
${CMD} add subject uid 60 object not uid 60 mode rxws;
${CMD} add subject gid 60 object not gid 60 mode rxws;
]]]

Cyrus is a "black box" mail server: the cyrus user normally winds up
owning anything that the IMAP server needs to touch.

[[[
# For the nobody account:
${CMD} add subject uid 65534 object not uid 65534 mode rxws;
${CMD} add subject gid 65534 object not gid 65534 mode rxws;
]]]

... and doesn't this (almost, no "a" flag) completely negate the point
of the nobody account in the first instance?

Not quite getting it,
jan

--
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44 (0)117 9287088 (with luck) http://ioctl.org/jan/
I shave with Occam's Razor.