Fortunately, the Debian guys did this by default in their excellent distro; this prevents lots of exploitable machines from being readily accessible. However, apt-get update and upgrade does fix the breach.

> -----Original Message-----
> From: pszat_private [SMTP:pszat_private]
> Sent: Thursday, 9. August 2001 23:38
> To: bugtraqat_private; zen-parseat_private
> Subject: Re: ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
>
> zen-parseat_private wrote:
>
> > If the user has local access to the system, it is possible to get the
> > program to set arbitrary environment variables in the environment of
> > /bin/login. e.g. LD_PRELOAD=/tmp/make-rootshell.so
>
> To protect against this (and possible bad environment processing within
> telnetd itself), create some otherwise unused group and make /bin/login
> setgid to that:
>
> # chown root._login_ /bin/login
> # chmod 6711 /bin/login
> # ls -l /bin/login
> -rws--s--x 1 root _login_ 24752 Aug 25 2000 /bin/login
>
> (Since telnetd runs as root, login has getuid==geteuid so the OS may
> follow LD_PRELOAD and similar variables. Using this login has
> getgid!=getegid and the OS should disallow such trickery.)
>
> Paul Szabo - pszat_private
> http://www.maths.usyd.edu.au:8000/u/psz/
> School of Mathematics and Statistics University of Sydney 2006
> Australia
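Added example, not part of the original messages: a simplified C model of the real-versus-effective ID comparison described in the quoted message, applied to /bin/login as started by a root-owned telnetd. The gid 900 for the unused _login_ group is a constructed value, and the model assumes Linux set-ID semantics with no nosuid mount or other kernel policy involved.

```c
/* Added example (not from the original message). */
#include <stdio.h>
#include <sys/auxv.h>   /* getauxval(), AT_SECURE: Linux with glibc 2.16+ */
#include <sys/stat.h>   /* S_ISUID, S_ISGID, S_IXGRP */
#include <sys/types.h>
#include <unistd.h>

struct creds { uid_t uid, euid; gid_t gid, egid; };

/* Simplified model of how execve() derives effective IDs from the file's
 * set-ID bits. Real IDs are inherited unchanged. Linux honours the setgid
 * bit only when group-execute is also set. Assumes no nosuid mount. */
struct creds creds_after_exec(struct creds caller, mode_t mode,
                              uid_t owner, gid_t group)
{
    struct creds c = caller;
    if (mode & S_ISUID)
        c.euid = owner;
    if ((mode & S_ISGID) && (mode & S_IXGRP))
        c.egid = group;
    return c;
}

/* The comparison from the message: when real and effective IDs differ,
 * LD_PRELOAD and similar variables are treated as untrusted. */
int ids_differ(struct creds c)
{
    return c.uid != c.euid || c.gid != c.egid;
}

/* login started by telnetd, which runs as uid 0 / gid 0. */
int login_is_protected(mode_t mode, uid_t owner, gid_t group)
{
    struct creds telnetd = { 0, 0, 0, 0 };
    return ids_differ(creds_after_exec(telnetd, mode, owner, group));
}

int main(void)
{
    gid_t login_gid = 900;  /* constructed gid for the unused _login_ group */
    struct creds me = { getuid(), geteuid(), getgid(), getegid() };

    printf("4711 root.root    -> protected=%d\n", login_is_protected(04711, 0, 0));
    printf("6711 root._login_ -> protected=%d\n", login_is_protected(06711, 0, login_gid));
    printf("this process: ids_differ=%d AT_SECURE=%lu\n",
           ids_differ(me), getauxval(AT_SECURE));
    return 0;
}
```

The last line printed compares the model with the kernel's own AT_SECURE flag for the running process, which is the value the glibc loader consults.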
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 07:52:31 PDT