Mysterious security hole
Mathias Koerber
koerber.sin at sni.de
Thu Jun 27 12:32:59 AEST 1991
In article <1991Jun26.080351.21035 at ukpoit.co.uk> alan at ukpoit.co.uk (Alan Barclay) writes:
|In article <2007 at nixsin.UUCP> koerber.sin at sni.de writes:
|>[ after the PATH=:/bin:/usr/bin security discussion was going on for quite
|> some time, deleted... ]
|>No, but if '.' is in your path, and you are in /tmp, that will do some damage.
|>Same thing for any writable dir in your path. Maybe UNIX should have an
|>option which lets one refuse to run
|> a) writable scripts/programs
|> b) setuid scripts/programs
|
|Ah, so you don't want to run ps, mail or at, to name three programs which
|are normally setuid. Also when root a lot of programs have permissions
|of 7xx so almost all programs would be writable.
First an addition:
c) programs not owned by user
Not necessarily, but as superuser I'd be grateful for an option (ENVIRONMENT-
VARIABLE or so), which would make exec/sh/etc refuse to run those programs.
Simply because I might mistype. Imagine:
# PARANOID=4 export PARANOID
^--some kind of level here, or bitmode or ...
# echo $PARANOID
4
# la -l <---- obviously a typo
PARANOID: /tmp/la is setuid
# mail
PARANOID: /bin/mail is writable
# vo /etc/passwd <--- another typo
PARANOID: /usr/local/bin/vo is not owned by root
# PARANOID=0 vo /etc/passwd
^--- I really want to run this..
or even
# PARANOID=99 export PARANOID
# la -l
PARANOID: executing /u0/local/bin/la (y/n):n
PARANOID: execution denied
You don't have to use this all the time, but if you know you are going to
do something tricky, or you suspect pitfalls, the extra help might be
welcome.
Mathias Koerber | S iemens | EUnet: koerber.sin at sni.de
2 Kallang Sector | N ixdorf | USA: koerber.sin at sni-usa.com
S'pore 1344 | I nformation Systems | Tel: +65/7402852 | Fax: +65/7402834
I can resist everything but TEMPTATION |#include <disclaimer.h>
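The PARANOID check sketched in the post, written out as a userland shell wrapper. This is an added example, not code from the original post or its author: the level meanings (1 refuses group/world-writable programs, 2 also refuses setuid/setgid programs, 3 also refuses programs not owned by root, 99 additionally asks before every run), the function names `paranoid_resolve`, `paranoid_check` and `prun`, and the stand-in `la` script created in a temporary directory are all assumptions made here.

```shell
# Added example (not code from the original post): a userland sketch of the
# PARANOID idea as a shell wrapper. The level meanings are my assumption,
# loosely following the post:  1 refuse group/world-writable programs,
# 2 also refuse setuid/setgid programs, 3 also refuse programs not owned by
# root, 99 additionally ask before every run. PARANOID unset or 0 = no checks.

# paranoid_resolve NAME: print the PATH entry the shell would run for NAME
# (first match; an empty PATH component means '.', just as in the shell).
# Returns 1 if nothing executable is found.
paranoid_resolve() {
    case $1 in
        */*) printf '%s\n' "$1"; return 0 ;;      # explicit path: no search
    esac
    _oldifs=$IFS; IFS=:
    for _dir in $PATH; do
        [ -n "$_dir" ] || _dir=.
        if [ -f "$_dir/$1" ] && [ -x "$_dir/$1" ]; then
            IFS=$_oldifs
            printf '%s\n' "$_dir/$1"
            return 0
        fi
    done
    IFS=$_oldifs
    return 1
}

# paranoid_check LEVEL PATHNAME: print a "PARANOID: reason" line and return 1
# if PATHNAME would be refused at LEVEL; stay silent and return 0 otherwise.
paranoid_check() {
    _level=$1; _prog=$2
    if [ "$_level" -le 0 ]; then return 0; fi
    # Portable metadata: parse the mode string and owner out of `ls -ldL`
    # (-L follows symlinks so the real executable is judged, not the link).
    _line=$(ls -ldL "$_prog" 2>/dev/null) || { echo "PARANOID: $_prog: cannot stat"; return 1; }
    set -- $_line
    _mode=$1; _owner=$3
    # In "-rwxrwxr-x", character 6 is group write and character 9 is other
    # write; either means someone other than the owner can replace the program.
    case $_mode in
        ?????w*|????????w*) echo "PARANOID: $_prog is writable"; return 1 ;;
    esac
    if [ "$_level" -ge 2 ] && { [ -u "$_prog" ] || [ -g "$_prog" ]; }; then
        echo "PARANOID: $_prog is setuid"; return 1
    fi
    if [ "$_level" -ge 3 ] && [ "$_owner" != root ]; then
        echo "PARANOID: $_prog is not owned by root"; return 1
    fi
    return 0
}

# prun NAME [ARGS...]: the wrapper one would alias everyday commands to.
# Exit 126 on refusal (as the shell does for a command it cannot run),
# 127 if NAME is not on PATH.
prun() {
    [ $# -gt 0 ] || return 2
    _lvl=${PARANOID:-0}
    _name=$1; shift
    _path=$(paranoid_resolve "$_name") || { echo "$_name: not found"; return 127; }
    paranoid_check "$_lvl" "$_path" || { echo "PARANOID: execution denied"; return 126; }
    if [ "$_lvl" -ge 99 ]; then
        printf 'PARANOID: executing %s (y/n):' "$_path"
        read _ans
        [ "$_ans" = y ] || { echo "PARANOID: execution denied"; return 126; }
    fi
    "$_path" "$@"
}

# Demo with constructed files: a stand-in "la" dropped into a directory that
# is then put first on PATH, first group-writable, then with sane permissions.
demo() {
    _tmp=$(mktemp -d)
    printf '#!/bin/sh\necho "la: would run with args: $*"\n' > "$_tmp/la"
    chmod 775 "$_tmp/la"
    ( PATH=$_tmp:$PATH PARANOID=1; prun la -l || echo "(exit status $?)" )
    chmod 755 "$_tmp/la"
    ( PATH=$_tmp:$PATH PARANOID=1; prun la -l )
    rm -rf "$_tmp"
}
demo
```

Two caveats worth keeping in mind. Parsing `ls -l` is a portability compromise (`stat` takes different flags on System V, BSD and GNU systems); a real implementation would call stat(2) directly. And a wrapper that checks the file and then executes it is advisory only: the file can change between the check and the exec, which is exactly why the post asks for the check to live in exec/sh itself rather than in front of it.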