From owner-freebsd-bugs Sat Nov 17 22:20:17 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 88EE337B419 for ; Sat, 17 Nov 2001 22:20:01 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id fAI6K1X02928; Sat, 17 Nov 2001 22:20:01 -0800 (PST) (envelope-from gnats) Received: from theshell.com (arsenic.theshell.com [63.236.138.5]) by hub.freebsd.org (Postfix) with SMTP id 83AAF37B405 for ; Sat, 17 Nov 2001 22:10:36 -0800 (PST) Received: (qmail 43987 invoked by uid 500); 18 Nov 2001 06:10:36 -0000 Message-Id: <20011118061036.43986.qmail@theshell.com> Date: 18 Nov 2001 06:10:36 -0000 From: Peter Avalos Reply-To: Peter Avalos To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: bin/32072: setuid w/o immutable flag Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >Number: 32072 >Category: bin >Synopsis: setuid w/o immutable flag >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Nov 17 22:20:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Peter Avalos >Release: FreeBSD 4.4-STABLE i386 >Organization: >Environment: System: FreeBSD arsenic.theshell.com 4.4-STABLE FreeBSD 4.4-STABLE #0: Sat Nov 17 15:44:56 PST 2001 pavalos@arsenic.theshell.com:/usr/obj/usr/src/sys/ARSENIC i386 >Description: It seems smart to set the immutable flag on files that are installed setuid. There are some binaries that do not get the the immutable flag set when they are installed. If someone did acquire root (all of these files are setuid root) then they wouldn't be able to replace the binary with a trojanned one if securelevel > 0 and schg set. >How-To-Repeat: >Fix: Below are some unified diffs for some makefiles that install setuid binaries w/o the immutable flag. I'm not 100% confident about these diffs, and I run a RELENG_4 box so caveat emptor. Most of the diffs are against HEAD, except for keyinfo and keyinit which are only in RELENG_4. If I'm totally off my rocker, feel free to close this PR. Index: sbin/ping/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/ping/Makefile,v retrieving revision 1.16 diff -u -r1.16 Makefile --- sbin/ping/Makefile 13 Sep 2001 06:48:15 -0000 1.16 +++ sbin/ping/Makefile 18 Nov 2001 05:32:24 -0000 @@ -5,6 +5,7 @@ MAN= ping.8 BINOWN= root BINMODE=4555 +INSTALLFLAGS=-fschg CFLAGS+=-Wall -Wmissing-prototypes .if ${MACHINE_ARCH} == "alpha" CFLAGS+=-fno-builtin # GCC's builtin memcpy doesn't do unaligned copies Index: sbin/ping6/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/ping6/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- sbin/ping6/Makefile 13 Sep 2001 06:48:15 -0000 1.7 +++ sbin/ping6/Makefile 18 Nov 2001 05:33:29 -0000 @@ -7,6 +7,7 @@ BINOWN= root BINMODE=4555 +INSTALLFLAGS=-fschg LDADD= -lipsec -lmd DPADD= ${LIBIPSEC} ${LIBMD} Index: sbin/shutdown/Makefile =================================================================== RCS file: /home/ncvs/src/sbin/shutdown/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- sbin/shutdown/Makefile 13 Sep 2001 06:48:15 -0000 1.7 +++ sbin/shutdown/Makefile 18 Nov 2001 05:42:35 -0000 @@ -7,5 +7,6 @@ BINOWN= root BINGRP= operator BINMODE=4550 +INSTALLFLAGS=-fschg .include Index: usr.bin/at/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/at/Makefile,v retrieving revision 1.13 diff -u -r1.13 Makefile --- usr.bin/at/Makefile 13 Sep 2001 06:48:16 -0000 1.13 +++ usr.bin/at/Makefile 18 Nov 2001 05:43:09 -0000 @@ -14,6 +14,7 @@ BINOWN= root BINMODE= 4555 +INSTALLFLAGS=-fschg CLEANFILES+= at.1 at.1: at.man Index: usr.bin/chpass/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/chpass/Makefile,v retrieving revision 1.24 diff -u -r1.24 Makefile --- usr.bin/chpass/Makefile 13 Sep 2001 06:48:16 -0000 1.24 +++ usr.bin/chpass/Makefile 18 Nov 2001 05:43:40 -0000 @@ -9,6 +9,7 @@ yppasswd_private_clnt.c yppasswd_private_xdr.c BINOWN= root BINMODE=4555 +INSTALLFLAGS=-fschg .PATH: ${.CURDIR}/../../usr.sbin/pwd_mkdb ${.CURDIR}/../../usr.sbin/vipw \ ${.CURDIR}/../../libexec/ypxfr \ ${.CURDIR}/../../usr.sbin/rpc.yppasswdd \ Index: usr.bin/keyinfo/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/keyinfo/Attic/Makefile,v retrieving revision 1.4.6.2 diff -u -r1.4.6.2 Makefile --- usr.bin/keyinfo/Makefile 6 Nov 2001 03:36:33 -0000 1.4.6.2 +++ usr.bin/keyinfo/Makefile 18 Nov 2001 05:50:35 -0000 @@ -5,6 +5,7 @@ DPADD= ${LIBSKEY} ${LIBCRYPT} ${LIBMD} LDADD= -lskey -lcrypt -lmd BINMODE=4555 +INSTALLFLAGS=-fschg WARNS?=1 .include Index: usr.bin/keyinit/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/keyinit/Attic/Makefile,v retrieving revision 1.6.6.1 diff -u -r1.6.6.1 Makefile --- usr.bin/keyinit/Makefile 25 Apr 2001 11:29:24 -0000 1.6.6.1 +++ usr.bin/keyinit/Makefile 18 Nov 2001 05:51:47 -0000 @@ -7,6 +7,7 @@ CFLAGS+= -D_SKEY_INTERNAL BINMODE=4555 +INSTALLFLAGS=-fschg DPADD= ${LIBSKEY} ${LIBCRYPT} ${LIBMD} LDADD= -lskey -lcrypt -lmd Index: usr.bin/lock/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/lock/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- usr.bin/lock/Makefile 13 Sep 2001 06:48:17 -0000 1.7 +++ usr.bin/lock/Makefile 18 Nov 2001 05:44:05 -0000 @@ -4,6 +4,7 @@ PROG= lock BINOWN= root BINMODE=4555 +INSTALLFLAGS=-fschg DPADD= ${LIBCRYPT} LDADD= -lcrypt Index: usr.bin/quota/Makefile =================================================================== RCS file: /home/ncvs/src/usr.bin/quota/Makefile,v retrieving revision 1.4 diff -u -r1.4 Makefile --- usr.bin/quota/Makefile 13 Sep 2001 06:48:17 -0000 1.4 +++ usr.bin/quota/Makefile 18 Nov 2001 05:44:23 -0000 @@ -4,6 +4,7 @@ PROG= quota BINOWN= root BINMODE=4555 +INSTALLFLAGS=-fschg DPADD= ${LIBRPCSVC} LDADD= -lrpcsvc Index: usr.sbin/mrouted/mrinfo/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/mrouted/mrinfo/Makefile,v retrieving revision 1.15 diff -u -r1.15 Makefile --- usr.sbin/mrouted/mrinfo/Makefile 13 Sep 2001 06:48:15 -0000 1.15 +++ usr.sbin/mrouted/mrinfo/Makefile 18 Nov 2001 05:44:49 -0000 @@ -7,6 +7,7 @@ MAN= mrinfo.8 BINOWN= root BINMODE= 4555 +INSTALLFLAGS=-fschg CFLAGS+= -I$S Index: usr.sbin/mrouted/mtrace/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/mrouted/mtrace/Makefile,v retrieving revision 1.14 diff -u -r1.14 Makefile --- usr.sbin/mrouted/mtrace/Makefile 13 Sep 2001 06:48:16 -0000 1.14 +++ usr.sbin/mrouted/mtrace/Makefile 18 Nov 2001 05:45:10 -0000 @@ -7,6 +7,7 @@ MAN= mtrace.8 BINOWN= root BINMODE= 4555 +INSTALLFLAGS=-fschg CFLAGS+= -I$S Index: usr.sbin/pppd/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/pppd/Makefile,v retrieving revision 1.23 diff -u -r1.23 Makefile --- usr.sbin/pppd/Makefile 24 Jul 2001 02:37:48 -0000 1.23 +++ usr.sbin/pppd/Makefile 18 Nov 2001 05:45:31 -0000 @@ -10,6 +10,7 @@ BINMODE=4550 BINOWN= root BINGRP= dialer +INSTALLFLAGS=-fschg CFLAGS+= -DHAVE_PATHS_H Index: usr.sbin/sendmail/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/sendmail/Makefile,v retrieving revision 1.35 diff -u -r1.35 Makefile --- usr.sbin/sendmail/Makefile 14 Sep 2001 11:03:34 -0000 1.35 +++ usr.sbin/sendmail/Makefile 18 Nov 2001 05:46:05 -0000 @@ -19,6 +19,7 @@ version.c BINOWN= root BINMODE=4555 +INSTALLFLAGS=-fschg # Define the database format to use for aliases et al. DBMDEF= -DNEWDB Index: usr.sbin/timed/timedc/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/timed/timedc/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- usr.sbin/timed/timedc/Makefile 13 Sep 2001 06:48:16 -0000 1.7 +++ usr.sbin/timed/timedc/Makefile 18 Nov 2001 05:46:26 -0000 @@ -8,6 +8,7 @@ SRCS= cmds.c cmdtab.c timedc.c byteorder.c measure.c cksum.c BINOWN= root BINMODE= 4555 +INSTALLFLAGS=-fschg .include "../../Makefile.inc" .include Index: usr.sbin/traceroute/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/traceroute/Makefile,v retrieving revision 1.18 diff -u -r1.18 Makefile --- usr.sbin/traceroute/Makefile 13 Sep 2001 06:48:16 -0000 1.18 +++ usr.sbin/traceroute/Makefile 18 Nov 2001 05:46:49 -0000 @@ -8,6 +8,7 @@ SRCS= version.c traceroute.c BINOWN= root BINMODE=4555 +INSTALLFLAGS=-fschg CLEANFILES= version.c CFLAGS+= -DHAVE_SYS_SELECT_H=1 -DHAVE_SYS_SYSCTL_H=1 \ Index: usr.sbin/traceroute6/Makefile =================================================================== RCS file: /home/ncvs/src/usr.sbin/traceroute6/Makefile,v retrieving revision 1.7 diff -u -r1.7 Makefile --- usr.sbin/traceroute6/Makefile 13 Sep 2001 06:52:42 -0000 1.7 +++ usr.sbin/traceroute6/Makefile 18 Nov 2001 05:47:01 -0000 @@ -17,6 +17,7 @@ MAN= traceroute6.8 BINOWN= root BINMODE= 4555 +INSTALLFLAGS=-fschg CFLAGS+= -DINET6 -DIPSEC -DHAVE_POLL >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message