CERT Advisory CA-97.06: BAD rlogin_wrapper.c installation

CERT Advisory CA-97.06: BAD rlogin_wrapper.c installation

Post by Ole Holm Niels » Thu, 13 Feb 1997 04:00:00



We installed the rlogin_wrapper.c recommended in CERT Advisory CA-97.06,
with the installation advice:

 * Installation (as root):
 *      # mkdir /usr/bin/wrapped
 *      # chmod 500 /usr/bin/wrapped
 *      # mv /usr/bin/rlogin /usr/bin/wrapped/rlogin
 *      # chmod 100 /usr/bin/wrapped/rlogin
 *      # cc -O rlogin_wrapper.c -o /usr/bin/rlogin
 *      # chmod 4711 /usr/bin/rlogin

This is BAD advice !  When /usr is NFS-mounted (in the case of diskless/
dataless NFS clients), the root user on the NFS client CANNOT access
the /usr/bin/wrapped directory !!!

A possible solution may be:

chgrp staff /usr/bin/wrapped /usr/bin/rlogin
chmod  550 /usr/bin/wrapped
chmod 6711 /usr/bin/rlogin

(assuming that the root user on the NFS client is in group staff).
This will permit the sgid-staff executable /usr/bin/rlogin to exec
/usr/bin/wrapped/rlogin.

I am not 100% sure that this solution will work correctly, nor about
possible security problems, so use it at your own risk.

With best regards,

Ole H. Nielsen
Department of Physics, Building 307
Technical University of Denmark, DK-2800 Lyngby, Denmark

WWW URL: http://www.fysik.dtu.dk/persons/ohnielse.html
Telephone: (+45) 45 25 31 87
Telefax:   (+45) 45 93 23 99

 
 
 

CERT Advisory CA-97.06: BAD rlogin_wrapper.c installation

Post by Barry Margol » Thu, 13 Feb 1997 04:00:00




Quote:>This is BAD advice !  When /usr is NFS-mounted (in the case of diskless/
>dataless NFS clients), the root user on the NFS client CANNOT access
>the /usr/bin/wrapped directory !!!

Diskless clients are usually put in the "root=" list in the /etc/exports on
the server, because there are often a number of files that are only
readable by the superuser.  If you export /usr read-only, it should be
pretty safe to do this.
--
Barry Margolin
BBN Corporation, Cambridge, MA

(BBN customers, call (800) 632-7638 option 1 for support)

 
 
 

1. rlogin vulnerability: CERT Advisory CA-97.06

In the recent CERT advisory for the rlogin problem, APAR IX57972 is
listed as the fix for AIX 4.1.  This fix is contained in fileset
bos.net.tcp.client.4.1.4.13 (and perhaps others).

Does anyone know if this fix is just contained within the rlogin
executable, or if other parts of the fileset are needed?  On some of
our systems we'd like to get away with just distributing a new rlogin
instead of installing that fileset and all of its prerequisites, if
possible.

-Phil                   Cornell Theory Center

2. needed: 5.1 RedHat/RPMS and installation CD

3. SunOS not vulnerable to rlogin bug (CERT CA-97.06)

4. ksh -t 0-2

5. HTTPD and CERT advisory CA-97.07

6. XFree86 on iMac 233 with mach64

7. CA Cert with OpenSSL not recognised as "CA" cert

8. configuring two 3c509b does not work

9. CA-97.04 patched ntalk?

10. CERT Advisory CA-94:09.bin.login.vulnerability

11. CERT Advisory CA-2002-25 & Sun Alert 46122

12. CERT Advisory CA-2002-11 Heap Overflow in Cachefs Daemon (cachefsd)

13. SUN response to CERT Advisory CA-99-11?