Re: SGID man

From: Henrik Nordstrom (hnoat_private)
Date: Sun Aug 01 1999 - 01:43:27 PDT

Next message: Olaf Selke: "Re: Simple DOS attack on FW-1"

Previous message: Malikai: "Re: NT DoS on FW-1 (fwd)"
Maybe in reply to: Solar Designer: "SGID man"
Next in thread: Isaac To: "Re: SGID man"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is a multi-part message in MIME format.

--------------576B684814F1520A7CD46CA
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Solar Designer wrote:

> [ghost@alice ghost]$ man id
> Formatting page, please wait...
> [ghost@alice ghost]$ ls -l /var/catman/cat1/id.1.gz
> -r--rw-r--   1 ghost    man           806 Aug  1 06:14 /var/catman/cat1/id.1.gz

On some systems you can prevent this by making the catman directories
suid to a dummy user. On those systems all files or directories created
in these directories then gets owned by this dummy user and not the user
running the command. Patch attached for linux ext2 to allow suid
directories.

On systems where suid directories does not help, I guess you have no
option but to disable the feature that man saves the preformatted page
when invoked by a user if you do not like users to be able to spoof man
pages. This can be done by removing any suid/sgid bits from
/usr/bin/man, and making sure that the catman directories are not world
writeable.

If you still want to have preformatted pages available for your users,
make the catman directories owned by a dummy user (for example catman),
and run catman as this user to create all preformatted man pages in one
big batch (or man on individual man pages if catman is not available).
You can also make selected trusted users members of the man group to
allow them to generate preformatted man pages when there is need to.

--
Henrik Nordstrom

--------------576B684814F1520A7CD46CA
Content-Type: text/plain; charset=us-ascii; name="ext2_suid_dir.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline; filename="ext2_suid_dir.patch"

--- linux/fs/ext2/ialloc.c.orig	Mon Jul 19 00:23:15 1999
+++ linux/fs/ext2/ialloc.c	Sun Aug  1 10:37:24 1999
@@ -449,7 +449,12 @@
 	inode->i_sb = sb;
 	inode->i_nlink = 1;
 	inode->i_dev = sb->s_dev;
-	inode->i_uid = current->fsuid;
+	if (dir->i_mode & S_ISUID) {
+		inode->i_uid = dir->i_uid;
+		if (S_ISDIR(mode))
+			mode |= S_ISUID;
+	} else
+		inode->i_uid = current->fsuid;
 	if (test_opt (sb, GRPID))
 		inode->i_gid = dir->i_gid;
 	else if (dir->i_mode & S_ISGID) {

--------------576B684814F1520A7CD46CA--

Next message: Olaf Selke: "Re: Simple DOS attack on FW-1"
Previous message: Malikai: "Re: NT DoS on FW-1 (fwd)"
Maybe in reply to: Solar Designer: "SGID man"
Next in thread: Isaac To: "Re: SGID man"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:47 PDT