Re: 2.4.x/Slackware Init script vulnerability

From: Keith Owens (kaosat_private)
Date: Tue Jul 17 2001 - 16:59:43 PDT


    On Tue, 17 Jul 2001 16:32:07 -0400, 
    Derek Martin <ddmat_private> wrote:
    >I also did the same thing on a Red Hat 7.1 system, with modutils 2.4.2
    >(as shipped by Red Hat), and linux 2.4.5 (pristine), and the modules.*
    >files were recreated with permissions 0644 upon reboot, so it seems
    >not to be limited to just Slackware, but also not a universal problem.
    >Since it did not happen on RH 7.1 with modutils 2.4.2, it may be that
    >the problem is actually in modutils 2.4.3 (and later, probably), and
    >not in earlier modutils.  I think this is probably not really a kernel
    >issue, per se.
    
    None of the above.  A change to the kernel in 2.4.3-pre5 or -pre6
    caused all kernel thread programs to run with umask 0, including init.
    Newer Red Hat rc.sysinit sets the umask instead of trusting the kernel
    value; older Red Hat and current Slackware trust the kernel.  modutils
    trusts umask.
    
    >I would think that modutils should set the creation mode to 0644 when
    >creating these files.  I would also think that as a security measure,
    >modutils should verify that these files (or at least modules.dep) are
    >not world-writable (and probably also not group writable) BEFORE
    >loading modules as a result of listed dependencies...
    
    When programs should force security settings and when they should trust
    the umask is a policy question.  Users on development systems
    deliberately create modules.dep as 666 and allow modules to be owned as
    other than root so modutils allows this.  In this case I decided that
    the policy setting should come from the user via umask, instead of
    being forced by the programs.  If root's umask is 000 then lots of
    programs are insecure; should all of those programs be changed to
    ignore umask?
    
    >I'm not really
    >sure that the kernel itself should automatically set a restrictive
    >umask, as I would think it should be up to user-space programs to
    >decide that; but it probably doesn't matter much either way.
    
    The kernel normally mimics the default umask for shells, 022.  The
    change from 022 to 000 was incorrect and will be backed out in the next
    kernel release.
    
    Keith Owens, modutils maintainer.
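
An added example, not part of the original message and not code from modutils or any distribution's init scripts: it shows how a tool that trusts the inherited umask produces different modes for the same create call, and a check a boot script could run to flag group- or world-writable modules.* files. The function names, the temporary directory and the file name modules.sample are constructed for illustration; 022 is used as the explicit value because the message names it as the usual shell default.

```shell
#!/bin/sh
# Constructed demo: file creation mode under an inherited umask, plus an
# audit for writable modules.* files. Not taken from modutils or rc.sysinit.

# Create FILE the way a umask-trusting tool does: the shell requests 0666
# and the umask decides the result. A subshell keeps the caller's umask intact.
create_trusting_umask() {   # $1 = umask value, $2 = file to create
    ( umask "$1" && : > "$2" )
}

# Print the permission bits of a file in octal (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# List modules.* files directly under DIR that group or other can write.
audit_module_files() {      # $1 = directory holding modules.dep and friends
    find "$1" -maxdepth 1 -type f -name 'modules.*' \
        \( -perm -020 -o -perm -002 \) -print | sort
}

demo() {
    d=$(mktemp -d) || return 1
    # umask 000: what init inherited on the affected kernels, per the message.
    create_trusting_umask 000 "$d/modules.dep"
    # umask 022: a boot script that sets the umask itself before creating files.
    create_trusting_umask 022 "$d/modules.sample"
    for f in "$d"/modules.*; do
        printf '%s mode %s\n' "${f##*/}" "$(file_mode "$f")"
    done
    echo "writable by group or other:"
    audit_module_files "$d"
    rm -rf "$d"
}

demo
```
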
    
    


