Re: majordomo local exploit

From: Christopher X. Candreva (chrisat_private)
Date: Wed Dec 29 1999 - 06:52:33 PST


    On Tue, 28 Dec 1999, Brock Tellier wrote:
    
    > but wrapper immediately setuid()'s and setgid()'s to owner:daemon before
    > execing the wrapped program.
    
    Bugs in resend aside, this appears to be an incorrect configuration of
    wrapper.  majordomo should have its own group as well as user, and it
    should change to that group, not daemon. This is according to Doc/FAQ in the
    Majordomo 1.94.4 distribution.
    
    The whole point of the wrapper and unique uid/gid is to limit the effect of
    such bugs.
    
    -Chris
    
    
    ==========================================================
    Chris Candreva  -- chrisat_private -- (914) 967-7816
    WestNet Internet Services of Westchester
    http://www.westnet.com/
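
An added example, not part of the original message or of the Majordomo distribution: one way to check whether the group a wrapper switches to is dedicated to the list manager or shared with other accounts. The account names, ids and passwd/group contents are constructed, and the function names are hypothetical.

```python
# Constructed passwd/group contents; not taken from any real system.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
lp:x:7:1:printer:/var/spool/lpd:/bin/false
majordom:x:91:91:Majordomo:/usr/local/majordomo:/bin/false
"""
GROUP = """\
root:x:0:
daemon:x:1:bin,uucp
majordom:x:91:
"""


def _rows(text):
    """Split colon-separated database text into fields, skipping blanks and comments."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line.split(":")


def group_sharers(gid, owner, passwd_text, group_text):
    """Accounts other than `owner` that hold `gid` as primary or supplementary group."""
    sharers = set()
    for fields in _rows(passwd_text):
        # passwd: name:pw:uid:gid:gecos:home:shell
        if len(fields) >= 4 and fields[3] == str(gid):
            sharers.add(fields[0])
    for fields in _rows(group_text):
        # group: name:pw:gid:member,member,...
        if len(fields) >= 4 and fields[2] == str(gid):
            sharers.update(m for m in fields[3].split(",") if m)
    sharers.discard(owner)
    return sorted(sharers)


def audit_wrapper_group(owner, gid, passwd_text=PASSWD, group_text=GROUP):
    """Return a finding string, or None when the group is dedicated to `owner`."""
    others = group_sharers(gid, owner, passwd_text, group_text)
    if others:
        return f"gid {gid} is shared with: {', '.join(others)}"
    return None


if __name__ == "__main__":
    print(audit_wrapper_group("majordom", 1))   # wrapper switching to daemon
    print(audit_wrapper_group("majordom", 91))  # wrapper switching to its own group
```

A non-empty result means a bug in a wrapped program runs with group rights that other accounts also hold, which is the exposure a unique gid is meant to remove.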
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:24:10 PDT