Date: Sat, 8 Sep 2001 19:32:52 -0700 From: Kris Kennaway <kris@obsecurity.org> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Kris Kennaway <kris@obsecurity.org>, "Todd C. Miller" <Todd.Miller@courtesan.com>, Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010908193252.A7066@xor.obsecurity.org> In-Reply-To: <20010909062025.B34828@nagual.pp.ru>; from ache@nagual.pp.ru on Sun, Sep 09, 2001 at 06:20:25AM %2B0400 References: <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com> <20010909054457.A34319@nagual.pp.ru> <20010908185602.B5619@xor.obsecurity.org> <20010909060144.B34519@nagual.pp.ru> <20010908191013.B5881@xor.obsecurity.org> <20010909062025.B34828@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--cNdxnHkX5QqsyA0e Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Sep 09, 2001 at 06:20:25AM +0400, Andrey A. Chernov wrote: > On Sat, Sep 08, 2001 at 19:10:13 -0700, Kris Kennaway wrote: > > Actually, I think I was overstating a bit. You can't set UFS file > > flags on an NFS volume, but they should work fine if already set on > > the server and /usr is mounted by a client. > >=20 > > What will break is trying to do an installworld onto a remote NFS > > volume, or installworld within a jail, since in order for that to > > succeed you have to tell it not to set file flags, and that will leave > > you with a local root exploit on the installed system. >=20 > This is different problem we already have in other places, since we > install f.e. libc, sliplogin, login, chpass, etc. etc. with -fschg >=20 > It means no remote NFS installation allowed. That's slightly different: the fact that those files don't have the schg flags doesn't expose any runtime security holes, it just means that root can overwrite them. The difference is that here *any* user can overwrite the uu* binaries, which is equivalent to a local root exploit if root runs that binary (which it does currently, once a day). Kris --cNdxnHkX5QqsyA0e Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7mtTUWry0BWjoQKURAmJqAJ9tdgURj1BSlA7hEbxlD1ZLR9P+cgCgsc0+ guQXT9Ana05/ud+XtT4mL+c= =ndkQ -----END PGP SIGNATURE----- --cNdxnHkX5QqsyA0e-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010908193252.A7066>