Re: Serious Linux 2.0.34 security problem

From: Liviu Daia (daiaat_private)
Date: Wed Jul 01 1998 - 02:45:35 PDT

Next message: Jesse Off: "linux TCP/IP patch: ktcpd-strobemasker"

Previous message: Aleph One: "qpopper 2.51"
Next in thread: Alan Cox: "Re: Serious Linux 2.0.34 security problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 30 June 1998, David Luyer <luyerat_private> wrote:
> I just saw this mentioned on linux-kernel and confirmed it;
>
[ sample exploit deleted ]
>
> This can kill from a normal user account the inetd process under Linux
> 2.0.34 by sending a SIGIO.  Very bad.
>
> The fix is to invert !euid to euid in fs/fcntl.c:send_sigio(); line
> number is approximately 139.

On 1 July 1998, Alan Cox <alanat_private> wrote:
> Bugtraq readers who haven't been following the Linux security audit
> project (from whence most of the Red Hat fixes came - and other
> vendors will I assume be issuing identical updates) might like to take
> a look at how their own OS handles pointing the following at files
> only root can read and running setuid apps. (or setgid usage in some
> cases such as Mutt)
>         TZ
>         TERMINFO
>         TERMCAP
[...]
>
> A PS item btw: 2.0.35pre3 fixes the bug reported with SIGIO, and
> it should be out as 2.0.35 proper RSN - 2.0.35pre3 is a release
> candidate. We hadn't planned on a 2.0.35 release quite that soon but
> such is life.

    Unfortunately, this fix seems to also break programs using SIGIO for
legitimate purposes --- like MC with subshell support.  Personally, I'm
not enough familiar with the internals of either the Linux kernel or MC
to attempt to find out what's wrong with the new SIGIO handling, but you
might want to address this problem before releasing 2.0.35.  I'm sure
there's a better way to fix all this.

    On a completely unrelated topic, but since you mentioned Mutt:
the new handling of locales in Linux libc's 5.4.45 and 5.4.46 breaks
NLS support in binaries with either the setuid or the setgid bits
set.  Mutt on Linux f.i. can't print accented characters any longer,
because isprint() now assumes the "C" locales in setgid programs.  Pavel
Kankovsky (the author of this change) commented that "setuid programs
should be secure, not user friendly".  Now, while I basically agree with
this statement (the implication for Mutt being that it should use an
external program to manage locking), there's probably a way to fix that
kind of problems without crippling the system. :-)

    Regards,

    Liviu

--
Dr. Liviu Daia                   e-mail:   daiaat_private
Institute of Mathematics         web page: http://www.imar.ro/~daia
of the Romanian Academy          PGP key:  finger daiaat_private

Next message: Jesse Off: "linux TCP/IP patch: ktcpd-strobemasker"
Previous message: Aleph One: "qpopper 2.51"
Next in thread: Alan Cox: "Re: Serious Linux 2.0.34 security problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:01:23 PDT