COPS: uudecode

Post by Jason Conrad Sokolos » Fri, 07 Oct 1994 04:46:00

COPS says that on my system uudecode can produce suid files, but
I can't figure out how to do this.  Does anyone know???

Thanks,
Jason

--
Jason Sokolosky                      

COPS: uudecode

Post by Barry Margol » Sun, 09 Oct 1994 07:29:02

>COPS says that on my system uudecode can produce suid files, but
>I can't figure out how to do this.  Does anyone know???

The "begin" line of a uuencoded file contains a protection mode in octal.
Many versions of uudecode place no restrictions on the value of this mode,
and simply pass it to chmod(2).  Thus, if it includes the setuid or setgid
bit, these versions of uudecode can create setuid files.  If root runs
uudecode on such a file, it will create a setuid-root file.  Since many
users (often even superusers) don't look at the "begin" line of a file
carefully, they may not notice this.

--

Barry Margolin
BBN Internet Services Corp.
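To make Barry's point concrete, here is an added example (mine, not code from the thread or from any vendor's uudecode): a small decoder that parses the "begin MODE NAME" header, decodes the body, and, instead of passing the header's mode straight to chmod(2), strips the setuid/setgid/sticky bits and applies a umask before creating the file. It also refuses output names containing a slash, since the header picks the output file name too. The sample input, the mode 4755 header and the default umask of 022 are constructed for the example.

```python
import binascii
import os
import re
import stat
import tempfile

BEGIN_RE = re.compile(r"^begin ([0-7]{3,4}) (.+)$")
# Bits a decoder should never set from an untrusted header.
SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX

# Constructed sample: the script "#!/bin/sh\n" uuencoded with a header
# asking for mode 4755 (setuid) and the output name "sh".
SAMPLE = (
    "begin 4755 sh\n"
    '*(R$O8FEN+W-H"@``\n'
    "`\n"
    "end\n"
)


def parse_begin(line):
    """Return (mode, name) from a 'begin MODE NAME' line or raise ValueError."""
    m = BEGIN_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("missing or malformed begin line")
    mode, name = int(m.group(1), 8), m.group(2)
    # The header also names the output file; refuse anything that could
    # escape the current directory.
    if name in (".", "..") or "/" in name or "\0" in name:
        raise ValueError("unsafe output name: %r" % name)
    return mode, name


def sanitize_mode(mode, umask=0o022):
    """Drop setuid/setgid/sticky, apply the umask, and report what was dropped."""
    stripped = mode & SPECIAL_BITS
    safe = (mode & 0o777) & ~umask
    return safe, stripped


def decode_body(lines):
    """Decode uuencoded data lines up to the 'end' line."""
    out = bytearray()
    for line in lines:
        line = line.rstrip("\r\n")
        if line == "end":
            return bytes(out)
        if not line.strip():
            # binascii.a2b_uu turns an empty line into 32 NUL bytes; skip it.
            continue
        out += binascii.a2b_uu(line)
    raise ValueError("no end line")


def safe_uudecode(text, outdir, umask=0o022):
    """Decode `text` into `outdir` without ever creating a setuid/setgid file."""
    lines = text.splitlines(keepends=True)
    start = next((i for i, l in enumerate(lines) if l.startswith("begin ")), None)
    if start is None:
        raise ValueError("no begin line")
    mode, name = parse_begin(lines[start])
    safe, stripped = sanitize_mode(mode, umask)
    data = decode_body(lines[start + 1:])
    path = os.path.join(outdir, name)
    # O_EXCL: refuse to overwrite an existing file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, safe)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    os.chmod(path, safe)  # sanitized mode, independent of the process umask
    return {"path": path, "mode": safe, "stripped": stripped, "size": len(data)}


def demo():
    """Decode the constructed sample in a scratch directory and report on it."""
    with tempfile.TemporaryDirectory() as d:
        result = safe_uudecode(SAMPLE, d)
        with open(result["path"], "rb") as f:
            result["data"] = f.read()
        result["on_disk_mode"] = stat.S_IMODE(os.stat(result["path"]).st_mode)
    return result


if __name__ == "__main__":
    r = demo()
    print("decoded %d bytes, mode %o, stripped bits %o"
          % (r["size"], r["mode"], r["stripped"]))
```

Run as a script it decodes the sample into a temporary directory and reports that the 4000 (setuid) bit was stripped and the file was created 0755. The two checks worth keeping even if you rewrite the rest are the mask on the header mode and the refusal of names with a slash: the header is attacker-controlled data, and a decoder run by root should treat both fields that way.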

COPS: uudecode

Post by Karsten Thyges » Fri, 14 Oct 1994 04:30:36

Barry> The "begin" line of a uuencoded file contains a protection mode
Barry> in octal.  Many versions of uudecode place no restrictions on
Barry> the value of this mode, and simply pass it to chmod(2).  Thus,
Barry> if it includes the setuid or setgid bit, these versions of
Barry> uudecode can create setuid files.  If root runs uudecode on
Barry> such a file, it will create a setuid-root file.  Since many
Barry> users (often even superusers) don't look at the "begin" line of
Barry> a file carefully, they may not notice this.

Even worse: many sites have mail aliases like this:

# Aliases to handle mail to programs or files, eg news or vacation
decode: "|/usr/bin/uudecode"

Since mail is running as root, you can just mail a /bin/sh uuencoded

a funny file :-)

I have never tried this myself, as I have never seen such a uudecoder.

Best regards,
Karsten.
--
Karsten Thygesen                     | Aalborg, Denmark
Chairman, Danish NeXT Users Group    | Fax:   +45 98 12 44 81

COPS: uudecode

Post by Tom Wilberdin » Sat, 15 Oct 1994 13:39:49

>Barry> The "begin" line of a uuencoded file contains a protection mode
>Barry> in octal.  Many versions of uudecode place no restrictions on
>Barry> the value of this mode, and simply pass it to chmod(2).  Thus,
>Barry> if it includes the setuid or setgid bit, these versions of
>Barry> uudecode can create setuid files.  If root runs uudecode on
>Barry> such a file, it will create a setuid-root file.  Since many
>Barry> users (often even superusers) don't look at the "begin" line of
>Barry> a file carefully, they may not notice this.

>Even worse: many sites have mail aliases like this:

># Aliases to handle mail to programs or files, eg news or vacation
>decode: "|/usr/bin/uudecode"

>Since mail is running as root, you can just mail a /bin/sh uuencoded

>a funny file :-)

>I have never tried this myself, as I have never seen such a uudecoder.

I don't think this is currently as much of a concern as it used to be.
sendmail doesn't run as root when delivering mail on most modern
unices.

It did on DomainOS, though. A user could put '|chmod 4777 /bin/sh' into
their own .forward file on an Apollo system. /etc/aliases usually isn't world
writable, so this was even easier.
--
tom wilberding                - the todd dean fan club...join today!
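The "pipe to program" aliases Karsten describes, and the .forward variant Tom mentions, are what an administrator should go looking for. The script below is an added example (mine, not from the thread): it parses aliases(5)-style text and a user's .forward file and lists every target that runs a program, includes another list, or appends to a file, which are the entries whose privilege depends entirely on who the delivery agent runs as. The sample alias file and .forward are constructed for the example (the decode line is the one quoted above; the other entries and the paths are made up).

```python
# Constructed sample aliases(5) text. The "decode" entry is the one quoted
# in the thread; the rest are made-up entries to exercise the parser.
SAMPLE_ALIASES = """\
# Aliases to handle mail to programs or files, eg news or vacation
postmaster: root
decode: "|/usr/bin/uudecode"
staff: alice, bob,
       carol
archive: /var/mail/archive
nightly: :include:/etc/mail/nightly-list
"""

# Constructed sample ~jim/.forward: one program pipe plus a plain address.
SAMPLE_FORWARD = '"|/usr/bin/vacation jim", jim@example.com\n'


def split_targets(rhs):
    """Split an alias right-hand side on commas that sit outside double quotes."""
    targets, cur, in_quotes = [], [], False
    for ch in rhs:
        if ch == '"':
            in_quotes = not in_quotes      # quotes only group; drop them
        elif ch == "," and not in_quotes:
            targets.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    targets.append("".join(cur).strip())
    return [t for t in targets if t]


def parse_aliases(text):
    """Return {alias: [targets]}, joining whitespace-indented continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = {}
    for line in logical:
        name, sep, rhs = line.partition(":")
        if sep:
            entries[name.strip()] = split_targets(rhs)
    return entries


def classify(source, owner, targets):
    """Flag every target that is not a plain mailbox or address."""
    findings = []
    for t in targets:
        if t.startswith("|"):
            kind, detail = "pipe", t[1:].strip()
        elif t.startswith(":include:"):
            kind, detail = "include", t[len(":include:"):]
        elif t.startswith("/"):
            kind, detail = "file", t
        else:
            continue
        findings.append({"source": source, "alias": owner,
                         "kind": kind, "target": detail})
    return findings


def audit_aliases(text, source="/etc/aliases"):
    """Findings for every program, include or file target in an aliases file."""
    findings = []
    for name, targets in parse_aliases(text).items():
        findings.extend(classify(source, name, targets))
    return findings


def audit_forward(text, owner):
    """Findings for a user's .forward (targets separated by commas or newlines)."""
    targets = []
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            targets.extend(split_targets(line))
    return classify("~%s/.forward" % owner, owner, targets)


if __name__ == "__main__":
    for f in audit_aliases(SAMPLE_ALIASES) + audit_forward(SAMPLE_FORWARD, "jim"):
        print("%-14s %-10s %-8s %s"
              % (f["source"], f["alias"], f["kind"], f["target"]))
```

Against the samples this reports the decode pipe, the archive file, the nightly include and jim's vacation pipe, and nothing for the plain address entries. In a real audit, feed it the contents of /etc/aliases and each home directory's .forward, then ask of every pipe finding the question Tom raises: which user does the delivery agent run the program as, and who can edit the file that names it.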

COPS: uudecode

Post by Roland Kaltefleit » Sun, 16 Oct 1994 09:11:19

>Barry> The "begin" line of a uuencoded file contains a protection mode
>Barry> in octal.  Many versions of uudecode place no restrictions on
>Barry> the value of this mode, and simply pass it to chmod(2).  Thus,
>Barry> if it includes the setuid or setgid bit, these versions of
>Barry> uudecode can create setuid files.  If root runs uudecode on
>Barry> such a file, it will create a setuid-root file.  Since many
>Barry> users (often even superusers) don't look at the "begin" line of
>Barry> a file carefully, they may not notice this.
>Even worse: many sites have mail aliases like this:
># Aliases to handle mail to programs or files, eg news or vacation
>decode: "|/usr/bin/uudecode"
>Since mail is running as root, you can just mail a /bin/sh uuencoded

>a funny file :-)
>I have never tried this myself, as I have never seen such a uudecoder.

Try HP-UX 9.04, works fine :-)

Roland

--
Dipl.-Phys. Roland Kaltefleiter, Geschäftsführer
NetUSE Kommunikationstechnologie GmbH, Harriesstraße 17, 24114 Kiel
EUnet POP Kiel

1. How to use uudecode?

This should be a simple question. However, I find nothing about uuencode
and uudecode in the FAQ for this list, and, without examples, the man
page for these commands seems pretty ambiguous. Also, my Unix book
(Sobell) doesn't mention these very useful commands.

I succeeded in uuencoding a binary file AA using the statement

% uuencode AA BB > AA.uue

where BB is a dummy file, but I can't figure out how to decode it.
% uudecode AA.uue  doesn't do it.

Any help would be appreciated.

Jim Beauchamp
