From owner-freebsd-audit Sat Sep 8 19:33: 0 2001 Delivered-To: freebsd-audit@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-54.dsl.lsan03.pacbell.net [63.207.60.54]) by hub.freebsd.org (Postfix) with ESMTP id 485D137B405; Sat, 8 Sep 2001 19:32:53 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id C6C5C66D0A; Sat, 8 Sep 2001 19:32:52 -0700 (PDT) Date: Sat, 8 Sep 2001 19:32:52 -0700 From: Kris Kennaway To: "Andrey A. Chernov" Cc: Kris Kennaway , "Todd C. Miller" , Matt Dillon , Jordan Hubbard , security@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: Fwd: Multiple vendor 'Taylor UUCP' problems. Message-ID: <20010908193252.A7066@xor.obsecurity.org> References: <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com> <20010909054457.A34319@nagual.pp.ru> <20010908185602.B5619@xor.obsecurity.org> <20010909060144.B34519@nagual.pp.ru> <20010908191013.B5881@xor.obsecurity.org> <20010909062025.B34828@nagual.pp.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="cNdxnHkX5QqsyA0e" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010909062025.B34828@nagual.pp.ru>; from ache@nagual.pp.ru on Sun, Sep 09, 2001 at 06:20:25AM +0400 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --cNdxnHkX5QqsyA0e Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Sep 09, 2001 at 06:20:25AM +0400, Andrey A. Chernov wrote: > On Sat, Sep 08, 2001 at 19:10:13 -0700, Kris Kennaway wrote: > > Actually, I think I was overstating a bit. You can't set UFS file > > flags on an NFS volume, but they should work fine if already set on > > the server and /usr is mounted by a client. > >=20 > > What will break is trying to do an installworld onto a remote NFS > > volume, or installworld within a jail, since in order for that to > > succeed you have to tell it not to set file flags, and that will leave > > you with a local root exploit on the installed system. >=20 > This is different problem we already have in other places, since we > install f.e. libc, sliplogin, login, chpass, etc. etc. with -fschg >=20 > It means no remote NFS installation allowed. That's slightly different: the fact that those files don't have the schg flags doesn't expose any runtime security holes, it just means that root can overwrite them. The difference is that here *any* user can overwrite the uu* binaries, which is equivalent to a local root exploit if root runs that binary (which it does currently, once a day). Kris --cNdxnHkX5QqsyA0e Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7mtTUWry0BWjoQKURAmJqAJ9tdgURj1BSlA7hEbxlD1ZLR9P+cgCgsc0+ guQXT9Ana05/ud+XtT4mL+c= =ndkQ -----END PGP SIGNATURE----- --cNdxnHkX5QqsyA0e-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message