Date: Sun, 9 Sep 2001 01:48:59 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: Brian Somers <brian@freebsd-services.com>
Cc: Matt Dillon <dillon@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/tip/tip Makefile src/gnu/libexec/uucp/cu Makefile src/gnu/libexec/uucp/uucp Makefile src/gnu/libexec/uucp/uuname Makefile src/gnu/libexec/uucp/uustat Makefile src/gnu/libexec/uucp/uux Makefile
Message-ID: <20010909014859.B49467@xor.obsecurity.org>
In-Reply-To: <200109090839.f898dJJ14239@hak.lan.Awfulhak.org>; from brian@freebsd-services.com on Sun, Sep 09, 2001 at 09:39:19AM +0100
References: <dillon@FreeBSD.org> <200109090839.f898dJJ14239@hak.lan.Awfulhak.org>
On Sun, Sep 09, 2001 at 09:39:19AM +0100, Brian Somers wrote:
> > dillon      2001/09/08 21:54:10 PDT
> >
> >   Modified files:
> >     usr.bin/tip/tip          Makefile
> >     gnu/libexec/uucp/cu      Makefile
> >     gnu/libexec/uucp/uucp    Makefile
> >     gnu/libexec/uucp/uuname  Makefile
> >     gnu/libexec/uucp/uustat  Makefile
> >     gnu/libexec/uucp/uux     Makefile
> >   Log:
> >   Make sure that all non-root-owned binaries in standard system
> >   paths are chflagged 'schg' to prevent exploit vectors when run
> >   by cron, by a root user, or by a user other than the one owning the
> >   binary.  This applies to most of the uucp binaries, cu, tip, and
> >   man (man was already installed properly).
> >
> >   MFC will occur when approved.
> >
> >   Revision  Changes    Path
> >   1.12      +2 -1      src/usr.bin/tip/tip/Makefile
> >   1.9       +2 -1      src/gnu/libexec/uucp/cu/Makefile
> >   1.7       +2 -1      src/gnu/libexec/uucp/uucp/Makefile
> >   1.6       +2 -2      src/gnu/libexec/uucp/uuname/Makefile
> >   1.6       +2 -1      src/gnu/libexec/uucp/uustat/Makefile
> >   1.7       +2 -1      src/gnu/libexec/uucp/uux/Makefile
>
> Why are you doing this?  You need to protect the parent directories
> if you hope to protect the contents.
>
> This just prevents foot-shooting.

No, there's an exploit in most of these binaries giving uid uucp access.
Since these binaries are owned by uucp, that would let arbitrary users
replace the binaries with their own contents.  That's called a "trojan" :)

Kris
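An audit helper, added here as an example and not part of the thread or the FreeBSD tree: it reads FreeBSD `ls -lo` style listing lines (the listing below is constructed for illustration) and reports executables that are neither root-owned nor protected by the schg flag, i.e. exactly the files the commit above sets immutable. The `-lo` column layout (mode, links, owner, group, flags, size, date, name) is assumed.

```sh
#!/bin/sh
# Added example (not from the thread). Constructed `ls -lo` listing:
# on FreeBSD the fifth column carries file flags, "-" meaning none.
SAMPLE_LISTING='-r-sr-xr-x  1 uucp  dialer  schg        62616 Sep  8 21:54 /usr/bin/cu
-r-sr-xr-x  1 uucp  dialer  -           61512 Sep  8 21:54 /usr/bin/uucp
-r-sr-xr-x  1 uucp  dialer  -           58240 Sep  8 21:54 /usr/bin/uuname
-r-sr-xr-x  1 uucp  dialer  uchg,schg   57344 Sep  8 21:54 /usr/bin/uux
-r-xr-xr-x  1 root  wheel   -          112000 Sep  8 21:54 /usr/bin/uustat
-rw-r--r--  1 uucp  dialer  -            1024 Sep  8 21:54 /etc/uucp/config
-r-sr-xr-x  1 man   wheel   schg        34568 Sep  8 21:54 /usr/bin/man'

# find_unprotected LISTING
# Prints "<owner> <path>" for every executable whose owner is not root
# and whose flag list does not contain schg.  Such a file can be replaced
# by anyone who obtains the owning uid, and is then run by other users,
# cron, or root with whatever contents the attacker chose.
find_unprotected() {
    printf '%s\n' "$1" | awk '
        # $1 mode, $3 owner, $5 flags (comma separated or "-"), $NF name
        $1 ~ /[xs]/ && $3 != "root" && $5 !~ /(^|,)schg(,|$)/ {
            print $3, $NF
        }'
}

# count_unprotected LISTING: number of findings, handy for a cron check.
count_unprotected() {
    find_unprotected "$1" | wc -l | tr -d ' '
}

# On a live FreeBSD host: find_unprotected "$(ls -lo /usr/bin /usr/sbin)"
find_unprotected "$SAMPLE_LISTING"
```

Findings are fixed the way the commit does it, with `chflags schg` on the file, and, as the reply in the thread notes, the parent directories still need to be root-owned and non-writable for the flag to be worth anything.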
