From: Bill Vermillion <bv@wjv.com>
To: freebsd-security@freebsd.org
Date: Fri, 17 Dec 2004 21:25:56 -0500
Subject: Re: Strange command histories in hacked shell history
Message-ID: <20041218022556.GA85192@wjv.com>
In-Reply-To: <41C391BE.3030604@earthlink.net>
Organization: W.J.Vermillion / Orlando - Winter Park
List-Id: Security issues [members-only posting]

Deep in the forest in the dark of night on Fri, Dec 17, 2004 at 20:11 with a cackle and an evil grin Elvedin Trnjanin cast another eye of newt into the brew and chanted:

> Bill Vermillion wrote:
>
> > Can anyone explain why su does not use the UID from the login
> > instead of the EUID? It strikes me as a security hole, but I'm no
> > security expert so explanations either way would be welcomed.
>
> Because su does exactly what it says. From the manual -
>
>     DESCRIPTION
>       *su* requests the password for /login/ and switches to that user and
>       group ID after obtaining proper authentication.

I understand that after using Unix for about 2 decades.

However, in FreeBSD a user is supposed to be in the wheel group [if it exists] to be able to su to root. But if a person who is not in wheel su's to a user who is in wheel, then they can su to root - as the system sees them as the other user.

This means that the 'wheel' security really is nothing more than a 2-password method to get to root. If the EUID of the original invoker is checked, even if they su'ed to a person in wheel, then they should not be able to su to root.

I'm asking why this is permitted, or alternatively why putting a user in the wheel group is supposed to make things secure, when in reality it just makes it seem more secure - as there is only one more password to crack.

>     DESCRIPTION
>       *sudo* allows a permitted user to execute a /command/ as the superuser
>       or another user, as specified in the /sudoers/ file. The real and
>       effective uid and gid are set to match those of the target user as
>       specified in the passwd file and the group vector is initialized based
>       on blah blah blah...

And I use this for about two people who need extra levels to do certain things for their web sites.

Bill

--
Bill Vermillion - bv @ wjv . com
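The two-hop path Bill describes (a non-wheel user su's to a wheel member, then to root) comes down to which identity the wheel check inspects: the current process identity after each su, or the identity that originally logged in. The following is an added example, not FreeBSD's su code and not from the thread. It models both policies over a constructed passwd/group table and a simulated su chain; the user names, passwords and the `policy` parameter are assumptions made for the demonstration.

```python
"""Model of su's wheel check: 'current' identity vs original 'login' identity.

Added example with constructed data; this is not FreeBSD's su(1) implementation.
"""
from dataclasses import dataclass, field

# Constructed /etc/passwd- and /etc/group-style tables (assumption, not from the post).
PASSWD = {"root": 0, "alice": 1001, "bob": 1002}
GROUPS = {"wheel": {"gid": 0, "members": {"alice"}}}   # bob is deliberately NOT in wheel

# Constructed passwords for the simulation only.
PASSWORDS = {"root": "r00t-pw", "alice": "alice-pw", "bob": "bob-pw"}


def in_wheel(user):
    """Group-file membership check, as the wheel restriction on su-to-root needs."""
    return user in GROUPS["wheel"]["members"]


@dataclass
class Session:
    login_user: str               # who authenticated at login; never changes
    current_user: str             # identity after any number of su's (real uid changes each hop)
    hops: list = field(default_factory=list)


def su(session, target, password, policy):
    """Simulated su(1).

    policy == "current": wheel check inspects the identity that invoked su (what a
                         check on the process's own uid sees after an earlier su).
    policy == "login":   wheel check inspects the identity that originally logged in.
    """
    if target not in PASSWD or PASSWORDS.get(target) != password:
        raise PermissionError("bad password")
    if target == "root":
        subject = session.login_user if policy == "login" else session.current_user
        if not in_wheel(subject):
            raise PermissionError(f"{subject} is not in wheel")
    session.hops.append((session.current_user, target))
    session.current_user = target
    return session


def direct_to_root(user, policy):
    """user su's straight to root with the correct root password. True if root is reached."""
    s = Session(login_user=user, current_user=user)
    try:
        su(s, "root", PASSWORDS["root"], policy)
    except PermissionError:
        return False
    return s.current_user == "root"


def two_hop_to_root(policy):
    """bob (not in wheel) su's to alice (in wheel), then to root, knowing both passwords."""
    s = Session(login_user="bob", current_user="bob")
    su(s, "alice", PASSWORDS["alice"], policy)      # no wheel check for a non-root target
    try:
        su(s, "root", PASSWORDS["root"], policy)
    except PermissionError:
        return False
    return s.current_user == "root"


if __name__ == "__main__":
    for policy in ("current", "login"):
        print(f"{policy:8s} bob->root: {direct_to_root('bob', policy)}  "
              f"bob->alice->root: {two_hop_to_root(policy)}")
```

Under the "current" policy the second hop is checked against alice, so bob reaches root with two passwords (alice's and root's); under the "login" policy the check is made against bob and the second hop is refused. Either way the direct bob-to-root attempt fails and alice's succeeds, so the policies differ only on the chained case the post is about.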