Some weeks ago I noticed a weird security hole on our AIX 4.3.3 machine.
Situation 1: a default user 'frank' (only default user rights, no
explicit administrative rights) was not able to create any user, change
users' settings or other administrative stuff with SMIT. That's just
what should happen!
Situation 2: the same user said "export DISPLAY="192.168.10.10:0"" and
thus redirected the screen to the linux box on 192.168.10.10. Then he
started SMIT from the command line and got the SMIT screen on the linux
box. xhost + has been executed on the linux box before.
Now, HERE he was able to do some actions, that generally only root can
do. I have been able to create new users as 'frank' logged in!! And I
was able to change user's details for any user, even root!
Note: root was NOT logged in, neither on the AIX machine nor on the
linux box. And they have different passwords on both machines. It
can't be something about password tunneling.
Unfortunately, I can't reproduce it this morning. The user that I've
created as 'frank' logged in still exists on the machine.
If this happens from time to time, it is a real security hole. I don't
know when it happens and why. The machine had been rebooted meanwhile,
maybe it does not occur any longer because of that.
And this happened only when using SMIT (motif gui), when using smitty
I got the correct error messages about not having the approbriate
user rights.
Does anyone know more about this?
Frank
--
Posted via dBforums
http://dbforums.com