Date: Mon, 9 Oct 2000 22:36:28 -0700 (PDT)
From: kahya@techie.com
To: freebsd-gnats-submit@FreeBSD.org
Subject: advocacy/21887: Security vulnerability found
Message-ID: <20001010053628.DA5AA37B503@hub.freebsd.org>
>Number:         21887
>Category:       advocacy
>Synopsis:       Security vulnerability found
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-advocacy
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          wish
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 09 22:40:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Krish Ahya
>Release:        4.1-STABLE
>Organization:
>Environment:
[intel@marvin:~]$ uname -a
FreeBSD marvin.shell-server.com 4.1.1-STABLE FreeBSD 4.1.1-STABLE #0: Mon Oct 2 10:14:58 CDT 2000 eo@marvin.shell-server.com:/usr/src/sys/compile/MARVINUPBRIEF i386
>Description:
I've found a small security hole that allows other users on a BSD box to enter another user's home dir without any authentication. Well, I am a user on this box and I found this accidentally. Here is what happened and what I did.

[intel@marvin:~]$ cd /home

Ok, so, I enter /home and look at this.

[intel@marvin:/home]$ ls
acer/      danny/     hgcrew/    mazurr/    smorky/
action/    danut/     hidden/    mboyer/    sota/
ademko/    dds/       hqanime/   mcp/       spaz/
adrienne/  dewa/      infinity/  mxpx/      speed/
advert/    dimps/     intel/     naujik/    spider/
aljrooo7/  domreg/    ircd/      nebble/    spooky/
andrew/    drillaz/   isislight/ net-tech/  ssrev/
animehq/   dude/      jedi/      ocparty/   swilling/
apache/    eel/       jonza/     omr/       tef/
arcadia/   ellicit/   kakka/     paiakam/   tektonic/
argg/      enthrash/  karl/      pcmaster/  thor/
arity/     eo/        kirler/    penguin/   tkm/
azabel/    ertw/      kook/      picasso/   toril/
azor/      ervin/     koolzie/   polar/     traffic/
bcaldwel/  exes/      korn/      pollo/     triggzz/
bcentrl/   exorcist/  laan/      predator/  upz/
bhs/       farside/   ladybell/  proxy/     v2000/
bilange/   fastzoom/  lees01/    quake/     vcd/
bogus/     fei/       len/       quantum/   water/
brnt/      flash/     logg/      ram/       wheimeng/
bsd/       flea/      lpr/       rangeela/  winnie/
bubba1/    frosty/    luvhurt/   rattan/    woowoo/
cannibal/  ftp/       lynn/      rift/      xerox/
ceyx/      fusion/    macfarla/  rio/       xt-c/
char/      gameover/  madn0rp/   rodrigo/   zetro/
chris2u/   genxcess/  makaveli/  rolex/     zn/
chrome/    gilles/    manmower/  ryanh/
coolkizz/  goldsky/   mastas/    scp58/
cyrus/     hayz/      matt/      slvrdrgn/

Now I do this:

[intel@marvin:/home]$ cd bcentrl
[intel@marvin:/home/bcentrl]$ ls

Whoa, I've just entered bcentrl's home dir and I'm not root!

[intel@marvin:/home/bcentrl]$ ls
Maildir/          report.tcl
bots/             stormbot.tcl
eggdrop1.3.27/    stormbot.tclstormbot.tclstormbot.tcl
eggdrop1.3.27.tar

This way, I can grab access to any files in that dir. I don't think this should be possible. Is there a possible fix for this? Maybe file permissions are set wrong? Any info would be helpful. Thank you.
>How-To-Repeat:
Not sure.
>Fix:
Not sure.
>Release-Note:
>Audit-Trail:
>Unformatted:
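The report above asks whether the behaviour it describes comes from permission bits on the home directories. What lets an unprivileged user cd into /home/bcentrl is the "other" execute (search) bit on that directory, and the "other" read bit is what lets ls list it; a home directory created with mode 755 has both. As an added example that is not part of the PR or of FreeBSD, the following POSIX shell script audits a home-directory root for user directories that grant either bit to others and prints the chmod that would close each one. It assumes only ls(1) and awk(1), so it runs on FreeBSD and Linux alike (stat(1) flags differ between them); the directory to audit is taken from the first argument and defaults to /home.

```shell
#!/bin/sh
# Audit a home-directory root for user directories that other users can
# enter (o+x) or list (o+r). Added example, not part of the original report.

# Return the symbolic mode string of a path (e.g. "drwxr-xr-x") by reading
# the first field of ls -ld. Portable where stat(1) option syntax is not.
mode_of() {
    ls -ld "$1" | awk '{print $1}'
}

# Classify a symbolic mode string as "open" when the "other" class has read
# (position 8) or execute/search (position 10, 'x' or 't') permission, else
# "private". A trailing '+' or '@' (ACLs, extended attributes) is tolerated.
classify_mode() {
    case "$1" in
        ???????r*|?????????[xt]*) echo open ;;
        *) echo private ;;
    esac
}

# Walk the immediate subdirectories of DIR (default /home) and report each
# one others can enter or list, with the remediation command. Returns 0 when
# every home directory is private, 1 when at least one is world-accessible.
audit_home_perms() {
    dir=${1:-/home}
    rc=0
    for d in "$dir"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        m=$(mode_of "$d")
        if [ "$(classify_mode "$m")" = open ]; then
            printf '%s %s world-accessible; fix: chmod o-rx %s\n' "$m" "$d" "$d"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone entry point. Set AUDIT_HOME_LIB when sourcing this file so the
# functions can be reused without auditing anything.
if [ -z "${AUDIT_HOME_LIB:-}" ]; then
    if audit_home_perms "${1:-/home}"; then
        echo "all home directories are private to their owners"
    else
        echo "world-accessible home directories found (see above)"
    fi
fi
```

Run it as `sh audit_home.sh /home`; the listing it prints is the set of directories the report's `cd` would succeed on. Note that `chmod o-rx` only closes the "other" class: on a system where users share a primary group, the group bits (positions 5 to 7) need the same review, and a 700 home directory is the simplest end state.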