Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 8 Sep 2001 18:56:02 -0700
From:      Kris Kennaway <kris@obsecurity.org>
To:        "Andrey A. Chernov" <ache@nagual.pp.ru>
Cc:        "Todd C. Miller" <Todd.Miller@courtesan.com>, Kris Kennaway <kris@obsecurity.org>, Matt Dillon <dillon@earth.backplane.com>, Jordan Hubbard <jkh@FreeBSD.ORG>, security@FreeBSD.ORG, audit@FreeBSD.ORG
Subject:   Re: Fwd: Multiple vendor 'Taylor UUCP' problems.
Message-ID:  <20010908185602.B5619@xor.obsecurity.org>
In-Reply-To: <20010909054457.A34319@nagual.pp.ru>; from ache@nagual.pp.ru on Sun, Sep 09, 2001 at 05:44:58AM %2B0400
References:  <5.1.0.14.0.20010908153417.0286b4b8@192.168.0.12> <200109082103.f88L3fK29117@earth.backplane.com> <20010908154617.A73143@xor.obsecurity.org> <20010908170257.A82082@xor.obsecurity.org> <20010908174304.A88816@xor.obsecurity.org> <20010909045226.A33654@nagual.pp.ru> <20010908180848.A94567@xor.obsecurity.org> <200109090120.f891KvM14677@xerxes.courtesan.com> <20010909054457.A34319@nagual.pp.ru>

next in thread | previous in thread | raw e-mail | index | archive | help

--rJwd6BRFiFCcLxzm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Sep 09, 2001 at 05:44:58AM +0400, Andrey A. Chernov wrote:
> On Sat, Sep 08, 2001 at 19:20:56 -0600, Todd C. Miller wrote:
> > In message <20010908180848.A94567@xor.obsecurity.org>
> > 	so spake Kris Kennaway (kris):
> >=20
> > > The vulnerability involves uucp being made to run arbitrary commands
> > > as the uucp user through specifying a custom configuration file - see
> > > bugtraq.  There may be other problems resulting from user-specified
> > > configuration files.  I don't have time to go through the code and fix
> > > up the revocation of privileges right now..in the meantime, this
> > > prevents the root exploit where a user replaces a uucp-owned binary
> > > like uustat, which is called daily by /etc/periodic.
> >=20
> > Is there really any reason to run uustat as root?  Why not just run
> > it as user uucp via su?  For that matter, running non-root owned
> > executables from daily seems like a really bad idea.
>=20
> I agree. There is no needs to deal with privileges revocation at all if
> "uucp" user itself is well restricted, just protect system "uucp" owned
> binaries from owerwritting by "uucp" user using schg flag.

That doesn't protect NFS-mounted systems, and doesn't prevent
arbitrary users from reading/modifying the UUCP spool files.

Kris

--rJwd6BRFiFCcLxzm
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7mswxWry0BWjoQKURAp32AJ490Un7HFu9RX4ZM1BRl2xMrhLbawCeMRVD
1l4ASx2eVxt1qTlI066TCQU=
=Waf9
-----END PGP SIGNATURE-----

--rJwd6BRFiFCcLxzm--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010908185602.B5619>