Re: vulnerability in satan, cops & tiger

From: Douglas Lee Schales (schalesat_private)
Date: Fri Jun 26 1998 - 13:52:41 PDT


    In reply to your message dated: Fri, 26 Jun 1998 09:24:17 +0200
    
    >Tiger v2.2.3
    >
    >the $WORKDIR of tiger 2.2.3 is set to /tmp and many
    >temporary files are being written there (it would exceed
    >all limits to mention all the lines) ...
    >to prevent the race conditions, $TIGER_HOME/tmp should be created by
    >default and $WORKDIR in the config file set to it.
    >See below for a patch.
    
    I had seen the patch via the current maintainer of Tiger, and
    had told them not to issue it.  This is not the best approach
    as many people run Tiger off of R/O floppy diskettes, and this
    won't work in that situation.
    
    As an interim solution, the user should create a scratch directory
    specifically for Tiger, R/W only by root (there is no reason for
    anyone else to be able to read the directory).  Set WORKDIR to point
    to this directory.  `/var/spool/tiger' would probably be reasonable.
    
    I've not decided on an "automated" solution that is acceptable,
    thus the lack of a patch.
    
    >closing remarks: I was shocked when I found these bugs. These security tools
    >have been around since years - and yet nobody had checked this ??
    >If this is a reflection of our security consciousness, well, we are in big
    >trouble since a long time and things are not getting better (especially with
    >M$ around)
    
    Perhaps these tools should have been shuffled up on the priority queue,
    because they have "security" associated with them, but it doesn't
    really matter.  If the "hack" succeeds, it succeeds... does not matter
    what the program's purpose in life was...
    
    I also think many believe that we should address the real problem
    first, instead of occupying our time dredging through a never ending
    source of code.  The real problem is the shared `/tmp'.
    
    In my private e-mails, I suggested a (hack) solution, but I've now
    decided against it.  The correct solution, IMHO, is what I offhandedly
    referred to in one message:
    
    rm -rf /tmp
    
    and make the scratch area be private in each account's home directory
    (though some of the shared homes, and root's home being `/' are
    problematic).  Then we can go through and fix all the apps once and
    for all.
    
    Anyhow, off subject...
    
    dls
    
    [ who will now undoubtedly receive a ton of junk mail for his
      troubles ]
    
    --
    Douglas Lee Schales
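
The interim fix described in the message above (a scratch directory for Tiger that only root can read or write, with WORKDIR pointed at it), as an added example that is not part of the original post or of Tiger itself. The function name `private_workdir` is hypothetical; it assumes it runs as the account that runs Tiger (root) and that the parent directory is writable only by that account.

```shell
#!/bin/sh
# Added example (not Tiger's code): create or validate a private scratch
# directory to use as WORKDIR. Prints the directory on success and
# returns non-zero if the directory cannot be trusted.
private_workdir() {
    dir=$1
    old_umask=$(umask)
    umask 077
    # Plain mkdir (no -p) fails if the name already exists, so a file,
    # symlink or directory planted in advance is never adopted silently.
    mkdir "$dir" 2>/dev/null || :
    umask "$old_umask"

    # Validate whatever is at that name now, new or pre-existing.
    # Reject symlinks and anything that is not a directory.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        return 1
    fi

    # ls -ldn prints the mode string first and the numeric owner third.
    info=$(ls -ldn "$dir") || return 1
    perms=${info%% *}
    owner=$(printf '%s\n' "$info" | awk '{print $3}')

    # Require mode 0700 exactly: no group or other access at all.
    case $perms in
        drwx------*) ;;
        *) return 1 ;;
    esac

    # Require ownership by the invoking account (root when run for Tiger).
    [ "$owner" = "$(id -u)" ] || return 1

    printf '%s\n' "$dir"
}

# Usage, with the path suggested in the message:
#   WORKDIR=$(private_workdir /var/spool/tiger) || exit 1
```
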
    


