Security holes in VGA setuid-root utils

Post by JoSH Leh » Wed, 13 Jul 1994 19:39:10



My site was broken into a few months ago using one of the VGA utilities in
/usr/bin that was setuid-root.  It has a hole which allows any file
(/etc/passwd in my case) to be overwritten.  I have since then removed the
setuid bit from it and other programs.

I would recommend against having these VGA utilities setuid-root.  In fact,
I set mine to be runnable by no one EXCEPT root.  Someone could break in
from offsite and tweak your VGA settings, preventing you from seeing what's
being done!  Has anyone else had experience with this hole?

Josh

--
       ______   printf("\x1B[1;35m\x1F\x1B[0m");            "Look to the/\
JoSH Lehan  /                                                future!"--/{}\

         \/                                  ^^^ Try Linux instead.  /______\

 
 
 

Post by Beeblebr » Fri, 15 Jul 1994 03:09:17



>I would recommend against having these VGA utilities setuid-root.  In fact,
>I set mine to be runnable by no one EXCEPT root.

There's nothing wrong with it being setuid so long as it is only group
executable.  It should be executable by the group of usercodes which have
access to your machine's console.  This is necessary and sufficient, since
only people who have access to console should run them and anyone with access
to console has as good as got root access anyway (not necessarily but
certainly with all current distributions).

As usual, make sure that only people who need to have access to programs have
access to them.

Of course, since you'll have the source, you could always fix the security
hole.
___

C++ consultant and emacs support.         Mail me if you have any problems.
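
The two options discussed in the posts above (keep the setuid bit but limit execution to a console group, or make the utility runnable by root only), as an added example that is not part of the original posts. The group name `console` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit and restrict setuid binaries as suggested in the thread.
# Assumption: "console" is a hypothetical group of users with console access.

# List setuid files under DIR owned by OWNER (default root) that anyone
# may execute, i.e. the world-execute bit is set alongside the setuid bit.
audit_setuid() {
    dir=$1
    owner=${2:-root}
    find "$dir" -type f -user "$owner" -perm -4000 -perm -0001 -print | sort
}

# Restrict FILE to owner + GROUP: mode rwsr-x--- (4750).
# chgrp runs first because changing ownership can clear the setuid bit;
# chmod then sets the final mode explicitly.
restrict_to_group() {
    file=$1
    group=$2
    chgrp "$group" "$file" && chmod 4750 "$file"
}

# Stricter alternative from the first post: drop setuid, owner-only execution.
root_only() {
    chmod 0700 "$1"
}

# Example run (as root):
#   audit_setuid /usr/bin
#   restrict_to_group /usr/bin/<vga-utility> console
```

Run `audit_setuid` again after the change; a file restricted either way no longer appears in its output.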

 
 
 
