Date:      Mon, 28 Jul 1997 18:50:07 +0000 (GMT)
From:      "Jonathan A. Zdziarski" <jonz@netrail.net>
To:        Vincent Poy <vince@mail.MCESTATE.COM>
Cc:        "[Mario1-]" <Mario1@PrimeNet.Com>, JbHunt <johnnyu@accessus.net>, Robert Watson <robert+freebsd@cyrus.watson.org>, Tomasz Dudziak <loco@onyks.wszib.poznan.pl>, security@FreeBSD.ORG
Subject:   Re: security hole in FreeBSD
Message-ID:  <Pine.BSF.3.95q.970728184930.26434E-100000@netrail.net>
In-Reply-To: <Pine.BSF.3.95.970728144205.3844C-100000@mail.MCESTATE.COM>

As long as httpd and sessiond are owned by something other than what cgi
scripts run as you're safe, but if they are both nobody, you can replace
the binary... We had it happen to us once with v1.2; this is how I know.


-------------------------------------------------------------------------
Jonathan A. Zdziarski                                NetRail Incorporated
Server Engineering Manager                    230 Peachtree St. Suite 500
jonz@netrail.net                                        Atlanta, GA 30303
http://www.netrail.net                                    (888) - NETRAIL
------------------------------------------------------------------------- 

On Mon, 28 Jul 1997, Vincent Poy wrote:

:On Mon, 28 Jul 1997, [Mario1-] wrote:
:
:=)On Mon, 28 Jul 1997, Jonathan A. Zdziarski wrote:
:=)
:=): There IS one common hole I've seen apache and stronghold have, and that is
:=): that some people like to leave their sessiond or httpd files owned by
:=): 'nobody'.  This allows somebody running CGI on that system to replace
:=): those binaries with their own, hacked binaries (since the scripts are
:=): usually owned as nobody), and the next time httpd starts, they can make it
:=): write a root shell, or just about anything along those lines.
:=)
:=)Now THIS is interesting. I was thinking about this a little while ago.
:=)Didn't it seem like 'nobody' had an awful lot of processes running
:=)last night?
:
:	Yes, it did but they were all httpd and I understand apache httpd
:has fixed this security hole a long time ago since we are using the new
:version of apache.  
:
:
:Cheers,
:Vince - vince@MCESTATE.COM - vince@GAIANET.NET           ________   __ ____ 
:Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
:GaiaNet Corporation - M & C Estate                     / / / /  | /  | __] ]  
:Beverly Hills, California USA 90210                   / / / / / |/ / | __] ]
:HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
:
:
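
An audit check for the condition discussed in this thread, added here as an example and not part of the original messages: given the numeric uid and gid that CGI scripts run as, it reports whether that account can overwrite a server binary or swap it through its directory. The function names are hypothetical, and the uid, gid and binary path are supplied by the operator.

```shell
#!/bin/sh
# Added example (not from the thread): can the account that CGI scripts run
# as replace a server binary such as httpd? Function names are hypothetical.
# Only the file and its immediate directory are checked; supplementary
# groups, ACLs, ancestor directories and the sticky bit are not considered.

# check_entry UID GID PATH: print a finding and return 0 if UID/GID can
# write to PATH, following Unix owner -> group -> other class selection.
check_entry() {
    ls -ldn "$3" | {
        # ls -ldn fields: mode, link count, numeric owner, numeric group
        read -r mode _links owner group _rest
        if [ "$owner" = "$1" ]; then
            # The owner can always chmod the entry, so mode bits do not help.
            echo "$3: owned by uid $1"
        elif [ "$group" = "$2" ]; then
            case $mode in
                ?????w*) echo "$3: group-writable by gid $2" ;;
                *) false ;;
            esac
        else
            case $mode in
                ????????w*) echo "$3: world-writable" ;;
                *) false ;;
            esac
        fi
    }
}

# replaceable_by UID GID BINARY: returns 0 if any finding, 1 if none,
# 2 if BINARY does not exist. Write access to the directory is enough to
# swap the binary by rename, so the directory is checked as well.
replaceable_by() {
    [ -e "$3" ] || { echo "$3: no such file" >&2; return 2; }
    found=1
    for entry in "$3" "$(dirname "$3")"; do
        if check_entry "$1" "$2" "$entry"; then found=0; fi
    done
    return "$found"
}

# Run as a script: sh audit.sh UID GID /path/to/httpd
if [ "$#" -eq 3 ]; then replaceable_by "$1" "$2" "$3"; fi
```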



