ANNOUNCE: GNUPLOT 3.2 uploaded to sunsite.unc.edu


Post by Joel M. Hoffm » Sat, 27 Feb 1993 23:56:02



>Hi

>People that want to install gnuplot with builtin vga-driver
>should be aware that gnuplot has a SHELL-ESCAPE!
>It should never ever be installed suid root!


>should probably look like that:

>-rwxr-sr-x   1 bin      mem        238596 Dec  4 11:02 /usr/local/bin/gnuplot*
>crw-rw----   1 root     mem        1,   2 Aug 29 23:48 /dev/kmem
>crw-rw----   1 root     mem        1,   1 Aug 29 23:48 /dev/mem

>... if you don't want others to become root w/o password :->

Unfortunately, this too is a security hole.  The whole point of not
making /dev/[k]mem world readable is that doing so is a security hole.
With the permissions you suggest, anyone can run gnuplot, escape to a
shell, and access /dev/[k]mem.  Bad idea.

I guess a better solution would be to modify the shell escape to
restore the old userid.

-Joel

 
 
 


Post by Gerald He » Sat, 27 Feb 1993 22:50:29


Hi

People that want to install gnuplot with builtin vga-driver
should be aware that gnuplot has a SHELL-ESCAPE!
It should never ever be installed suid root!


should probably look like that:

-rwxr-sr-x   1 bin      mem        238596 Dec  4 11:02 /usr/local/bin/gnuplot*
crw-rw----   1 root     mem        1,   2 Aug 29 23:48 /dev/kmem
crw-rw----   1 root     mem        1,   1 Aug 29 23:48 /dev/mem

... if you don't want others to become root w/o password :->

gjh

 
 
 


Post by Jeffrey A Wall » Sun, 28 Feb 1993 08:36:43




|> >-rwxr-sr-x   1 bin      mem        238596 Dec  4 11:02 /usr/local/bin/gnuplot*
|> >crw-rw----   1 root     mem        1,   2 Aug 29 23:48 /dev/kmem
|> >crw-rw----   1 root     mem        1,   1 Aug 29 23:48 /dev/mem
|> >
|> >... if you don't want others to become root w/o password :->
|>
|> Unfortunately, this too is a security hole.  The whole point of not
|> making /dev/[k]mem world readable is that doing so is a security hole.
|> With the permissions you suggest, anyone can run gnuplot, escape to a
|> shell, and access /dev/[k]mem.  Bad idea.
|>
|> I guess a better solution would be to modify the shell escape to
|> restore the old userid.
|>
|> -Joel

Yes, now setgid mem processes can *write* to kernel memory.  What
stops them from going through the process table, finding the
task_struct of any process they want and resetting the uid and euid
fields to 0?

Total ignorance on my part, but why does gnuplot have to read
(or write) to kernel memory?  How about some kernel mods with  
/dev/vga, /dev/framebuffer and some nice ioctls?

                                                -Jeff

 
 
 


Post by Gerald He » Fri, 05 Mar 1993 00:46:41


Hi

Oehm, even worse, gnuplot doesn't even work this way :-(
There should be a setuid-call right before the shell is execd. That
would fix it....

gjh
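
The fix proposed in this thread, resetting the ids right before the shell is exec'd, shown as an added C example that is not part of the original posts or of gnuplot's source. The names `drop_privileges` and `shell_escape` are hypothetical, and Linux `setregid`/`setreuid` semantics (the saved set-id is overwritten too) are assumed.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up set-uid/set-gid privilege so that effective and saved
 * ids become the invoking user's. The group goes first, while the process
 * may still hold the privilege needed to change it. Returns 0 or -1. */
int drop_privileges(void)
{
    gid_t rgid = getgid(), old_egid = getegid();
    uid_t ruid = getuid(), old_euid = geteuid();

    if (setregid(rgid, rgid) != 0) return -1;
    if (setreuid(ruid, ruid) != 0) return -1;
    if (getegid() != rgid || geteuid() != ruid) return -1;

    /* For a non-root caller the old ids must not be recoverable; if either
     * call succeeds, a saved set-id survived and the drop was not permanent. */
    if (ruid != 0) {
        if (old_egid != rgid && setegid(old_egid) == 0) return -1;
        if (old_euid != ruid && seteuid(old_euid) == 0) return -1;
    }
    return 0;
}

/* Hypothetical shell escape: run cmd via /bin/sh in a child that has dropped
 * privileges first. Returns the command's exit status, or -1 on error. */
int shell_escape(const char *cmd)
{
    int status;
    pid_t pid = fork();

    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges() != 0) _exit(126);  /* refuse to exec privileged */
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                              /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo command: print the ids the shell actually runs with. */
    return shell_escape("id") == 0 ? 0 : 1;
}
```

Dropping in the child only keeps the parent's privilege available for the VGA access it was installed for, while the spawned shell runs with the caller's own ids.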

 
 
 

1. ANNOUNCE: GNUPLOT 3.2 uploaded to sunsite.unc.edu

Hi!

I have uploaded GNUPLOT 3.2 to sunsite.unc.edu. This version supports
both my VGAlib and X11. I have uploaded the following files:
    1. gp32bin.tar.Z: binaries compiled with gcc 2.3.3
    2. gp32src.tar.Z: sources modified to support VGAlib
To compile GNUPLOT you will also need to install VGAlib which is
available at sunsite.unc.edu as vgalib12.tar.Z.

