Date: Fri, 17 May 1996 10:49:43 -0700 From: Paul Traina <pst@shockwave.com> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: davidg@Root.COM, "Jordan K. Hubbard" <jkh@freefall.freebsd.org>, committers@freefall.freebsd.org, security@freebsd.org Subject: Re: cvs commit: src/sbin Makefile Message-ID: <199605171749.KAA00487@precipice.shockwave.com> In-Reply-To: Your message of "Fri, 17 May 1996 02:38:19 PDT." <273.832325899@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Subject: Re: cvs commit: src/sbin Makefile
> It would have been better to install it without suid root so that the
> permissions get changed when people next do a "make world".
Yeah, I thought of that but sort of wimped and decided to go instead
for minimum impact (i.e. no changes to mount_union itself). Can we
see what pst's final decision on this one is and simply recommend a
`chmod u-s /sbin/mount_union' for the time being?
Jordan
I don't have a "final" decision, but I'm leaning towards making it
not setuid root until we're clear that the distributions have all
been fixed.
Also, I'm open for suggestions on the final outcome here. Ideally,
we should simply fix the problem in the code (thank you Garret),
not the symptom. However, this is a reasonable workaround given
the relatively small use of mount_union, but it is *just* a
workaround.
Here's my current *DRAFT* advisory, I'm certain it's not perfect
(i.e. is 2.0.5 and 2.0 affected too?) Please (anyone who's reading
this) proof it... I haven't had a chance to dig through old code
myself on this one yet, so I know I probably fubard something, and
I definitely want to check to see if NetBSD has this bug too (in
a different form) so we can warn them.
------- DRAFT ---- DO NOT REDISTRIBUTE DISTRIBUTE
FreeBSD SA-96:09 mount_union unauthorized super-user access
Category: core
Module: mount_union
Announced: 1996-05-17
Affects: FreeBSD 2.1, 2.1-stable, and 2.2-current
Corrected: 1996-05-17 2.1-stable and 2.2-current sources
Source: 4.4 BSD bug
FreeBSD only: unknown
Super-user access may be obtained or the system may be crashed through the
misuse of the mount_union command.
--Workaround--
Mount_union is distributed as a setuid root program. Remove the setuid
bit. As root, execute the command:
% chmod u-s /sbin/mount_union
then verify that the permissions of mount_union have been removed. The
permissions array should read "-r-xr-xr-x" as shown here:
% ls -l /sbin/mount_union
-r-xr-xr-x 1 root bin 53248 Apr 26 04:40 /sbin/mount_union
If you have the source code installed, we suggest patching the sources so
that mount_union will not be installed with the setuid bit set:
You may apply the following patch:
*** /usr/src/sbin/mount_union/Makefile Sun Nov 20 14:47:52 1994
--- /usr/src/sbin/mount_union/Makefile Fri May 17 10:36:09 1996
***************
*** 8,14 ****
CFLAGS+= -I${.CURDIR}/../../sys -I${MOUNT}
.PATH: ${MOUNT}
- BINOWN= root
- BINMODE=4555
-
.include <bsd.prog.mk>
--- 8,11 ----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605171749.KAA00487>