cops and linux

cops and linux

Post by Oystein Homeli » Sun, 10 Apr 1994 01:36:09



I just tried running the "cops" security checker program here on my site.
It came out with the following "Success" file:

Warning!  uids OTHER replace /usr/spool/cron/crontabs create supershell
  DO ANYTHING
Warning!  uids OTHER write /usr/spool/cron replace crontabs create
  supershell DO ANYTHING

What does this mean?  Is it dangerous, and what would I do to correct it?

--
                              - - - - - - - - - -


 
 
 

cops and linux

Post by Kyle Hasselbach » Sun, 10 Apr 1994 07:03:32



>I just tried running the "cops" security checker program here on my site.
>It came out with the following "Success" file:
>Warning!  uids OTHER replace /usr/spool/cron/crontabs create supershell
>  DO ANYTHING
>Warning!  uids OTHER write /usr/spool/cron replace crontabs create
>  supershell DO ANYTHING
>What does this mean?  Is it dangerous, and what would I do to correct it?

        It means anyone ("OTHER") can replace a contrab file and have their
commands run.  The worst case, of course, is replacing root's crontab and
having commands run by root.  It's a permissions problem.  This is what the
permissions look like on my system:

longshot /usr/spool # ls -lR cron
total 2
drwxr-xr-x   2 root     root         1024 Dec 28 17:35 crontabs
-rw-------   2 root     root          161 Jan 22 01:43 log

cron/crontabs:
total 2
-rw-------   1 root     root          616 Dec 28 17:35 news
-rw-------   1 root     root          898 Dec 20 10:43 root
longshot /usr/spool # ls -ld .
drwxr-xr-x  10 root     root         1024 Apr  8 17:02 .

        I had the same problem the first time I ran COPS on my SLS system.
SLS had rotten security when I installed it (has this been fixed?).  There
were many other permissions problems with bin directories and such.
--
Kyle Hasselbacher | What sane person could live in this world and not be crazy?