Date: Sat, 13 Apr 2002 17:07:39 -0600 From: Brett Glass <brett@lariat.org> To: "Charles M. Richmond" <cmr@iisc.com>, security@FreeBSD.ORG Subject: Re: [Corrected message] This OpenBSD local root hole may affect some FreeBSD systems Message-ID: <4.3.2.7.2.20020413170619.00b18ef0@nospam.lariat.org> In-Reply-To: <200204131826.OAA26250@koibito.iisc.com> References: <Your message of "Sat, 13 Apr 2002 10:06:29 PDT." <200204131706.g3DH6T117776@mikko.rsa.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:26 PM 4/13/2002, Charles M. Richmond wrote: >So yes the BSD mailx/mail has the bug. Also I do not see a bug >report on sunsolve.sun.com. On the otherhand it appears that the >tilde command is not operating with the effective UID but with the >actual UID. Even though mailx is SGID mail and the root maibox is >group readable for mail: > >ls -l /var/mail >total 18 >drwxrwxr-x 2 root mail 512 Oct 25 08:34 :saved >-rw-rw---- 1 cmr mail 318 Apr 13 14:04 cmr >-rw-rw---- 1 root mail 7090 Mar 28 03:10 root > >amaterasu% echo "~\!cat /var/mail/root" | mailx cmr >cat: cannot open /var/mail/root >! >No message !?! > > >Does this mitigate the problem sufficiently? Not if the process invoking mail really is running as root, as a periodic maintenance script would. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20020413170619.00b18ef0>