Yet another finger hole
Steven D. Miller
steve at umiacs.umd.edu
Mon Dec 12 08:52:49 AEST 1988
If someone can get to, and become root on, an untrusted machine that can
mount your /usr/etc read-write, they can do a lot of things that will end
up with their gaining root access to your machine. (This is why we manage
our exports files carefully, and why on untrusted machines we use a hacked
/etc/init that won't boot single-user without being given the root
password.)
The scenario that you describe will indeed allow such an intruder to gain
root access to your system. I think the change you suggest will work to
foil such methods of intrusion. I suspect that this sort of shenanigans
could be pulled on almost any network server, not just fingerd, so long as
that utility is owned by someone other than root. The best fix is to use
a 4.3-style inetd.conf, but that's only an option for those running SunOS
4.0...
Thanks for pointing this out.
-Steve
Spoken: Steve Miller Domain: steve at mimsy.umd.edu UUCP: uunet!mimsy!steve
Phone: +1-301-454-1808 USPS: UMIACS, Univ. of Maryland, College Park, MD 20742
More information about the Comp.sys.sun
mailing list