Ron van Daal <ronvdaalat_private> writes: > That's the behaviour I would expect from xmonisdn. A setuid binary > shouldn't dump core if it's being executed by a user which doesn't > match the ownership of the binary. Therefore I think there are two > problems: 1) (small) bug in xmonisdn 2) a bug in my Linux system. If xmonisdn is setuid root on your system, you might have a gaping security hole anyway. Most configurations don't need a setuid xmonisdn anymore, and if you must have it on your machine, you should make the programs that xmonisdn calls setuid root (e.g., by using a suidperl wrapper). That's much safer than giving a random X11 program root privileges, especially if the program was written without security in mind. This was reported some months ago and the CVS version of the isdn4kutils was fixed, i.e. the setuid bit was removed. Debian has upgraded their isdn4kutils package, if your vendor didn't do that, you should contact them and tell them. This was the original announcement (which never made its way to Bugtraq, the Debian fix was announced here, though): | From: Florian Weimer <fwat_private> | Subject: [SECURITY] xmonisdn: local users might gain superuser access | Newsgroups: de.alt.comm.isdn4linux | Date: 12 Aug 1999 10:52:32 +0200 | Message-ID: <877ln15qjz.fsfat_private> | | I haven't seen any announcement for this yet, so here we go. | | There's are potential security hole in xmonisdn which might permit | local users to gain superuser access. xmonisdn is distributed with the | isdn4kutils package and installed by default. | | The Makefile of the affected versions (isdn4kutils 3.0 betas, CVS until | the beginning of August) installs the xmonisdn binary setuid root. | xmonisdn uses external programs to control the status of the ISDN | interfaces and calls theses programs via system(), without providing a | safe version of the environment. As long as your libc overwrites the | IFS environment variable (which all modern versions do), the default | installation is safe, though, because the programs xmonisdn tries to | call don't exist (you are expected to write your own scripts, which | requires extreme care in order to avoid creating a security hole). | | The fix is simple: remove the setuid bit from xmonisdn. In most cases, | root privileges aren't required anyway, because nowadays, `isdnctrl | dialmode' can be used to control the interface status (which only | requires read-write privileges on /dev/isdninfo and /dev/isdnctrl, | which can be granted by putting users into the appropriate group). | | Thanks to Paul Slootman <paulat_private> for writing the fix and | committing it to the isdn4linux CVS.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:08:42 PDT