Date: Wed, 4 Oct 2000 14:10:12 +0400 (MSD) From: "Andrey V. Sokolov" <abc@nns.ru> To: Dima Dorfman <dima@unixfreak.org> Cc: Kris Kennaway <kris@FreeBSD.ORG>, Alfred Perlstein <bright@wintelcom.net>, Mike Silbersack <silby@silby.com>, security@FreeBSD.ORG Subject: Re: BSD chpass (fwd) Message-ID: <Pine.BSF.4.21.0010041401260.11157-100000@falcon.nns.ru> In-Reply-To: <20001004092758.335931F0A@static.unixfreak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! Do not forget! chpass, chfn, chsh, ypchpass, ypchfn, ypchsh are hard links! This exploit will work with any command from this set, if little modification of exploits code is done. -- Regards, Andrey V. Sokolov On Wed, 4 Oct 2000, Dima Dorfman wrote: >> On Wed, Oct 04, 2000 at 02:16:59AM -0700, Alfred Perlstein wrote: >> > * Kris Kennaway <kris@FreeBSD.ORG> [001004 02:15] wrote: >> > > On Wed, Oct 04, 2000 at 02:14:26AM -0700, Kris Kennaway wrote: >> > > > On Tue, Oct 03, 2000 at 10:34:22PM -0700, Dima Dorfman wrote: >> > > > > > For those not subscribed to bugtraq, it's time to remove the suid bit on >> > > > > > chpass. >> > > > > >> > > > > Unfortunatly it isn't that easy if you're running with securelevel > 0 >> > > > > since chpass is installed with the schg (system immutable) flag on by >> > > > > default. Oh well, guess it's time to reboot some hosts. :-/ >> > > > >> > > > mv it into a mode 000 directory :-) >> > > >> > > Oops, can't do that. Reboot :) >> > >> > Can you mount something over it? >> >> Hmm, now that null mounts work in -current you could, actually - make a >> copy of /usr/bin except for chpass in say /usr/bin2 and null mount >> it > >Actually, I think you can do it without null mounts. mv /usr/bin >/usr/bin2, chmod 000 /usr/bin2, then remake /usr/bin (without chpass, >of course). > >> on /usr/bin. Except securelevel disallows mounts, I think :) > >In securelevel >= 2, you can't open a disk for writing unless you're >mount(2). I don't know much about null mounts, so I don't know if >that will prevent them from working. > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010041401260.11157-100000>