Huge security hole in elvis (Slackware)

Huge security hole in elvis (Slackware)

Post by C. Armour-Kids » Mon, 25 Jul 1994 06:27:07



I just discovered this:

In Slackware, the permissions on the /usr/preserve directory are publically
readable and the elvrec program is not suid root.  What needs to happen
of course is to set /usr/bin/elvrec to owner=root:bin, perms=1755 and
/usr/preserve to perms=700.

cak
Geekium Rex

--

+--------------------------------------------------------------------------+
| The content of this message was originally recorded on analog equipment. |
| We have attempted to preserve, as closely as possible, the content of    |

 
 
 

Huge security hole in elvis (Slackware)

Post by ddel.. » Mon, 25 Jul 1994 13:33:57




>I just discovered this:

>In Slackware, the permissions on the /usr/preserve directory are publically
>readable and the elvrec program is not suid root.  What needs to happen
>of course is to set /usr/bin/elvrec to owner=root:bin, perms=1755 and
>/usr/preserve to perms=700.

>cak
>Geekium Rex

I would suggest setting up a group "elvis", setting elvrec, virec,
and elvprsv to owner bin:elvis, perms = 2755 and the directory /usr/preserve
to owner root:elvis perms = 1770.  You can also accomplish the same thing by
setting up a user elvis (or whatever), and set
elvrec, virec, and elvprsv to owner elvis, perms = 4755
/usr/preserve owner elvis perms = 700

Making any user accessible program suid root is inherently dangerous, and
should be avoided as much as possible.  I'm sure elvis is pretty safe, but the
above is probably a good idea if you are afraid anyone is going to try to
seriously hack with your system.

Just my $0.02

Dave

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
```````````````````````````````````````````````````````````````````````````````
     _/_/_/_/     _/_/        _/_/   _/_/_/_/       David M. Del Signore
      _/    _/     _/_/    _/_/       _/    _/      University of Toledo
     _/     _/    _/ _/  _/ _/       _/     _/          Toledo, Ohio
    _/     _/    _/  _/_/  _/       _/     _/


,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
```````````````````````````````````````````````````````````````````````````````

 
 
 

Huge security hole in elvis (Slackware)

Post by Robert Alata » Tue, 26 Jul 1994 00:43:30



>Making any user accessible program suid root is inherently dangerous, and
>should be avoided as much as possible.  I'm sure elvis is pretty safe, but the

                                                         ^^^^^^^^^^^^^^
an editor being setuid root !!!!!!!!! what's to prevent elvis /etc/passwd

Quote:>above is probably a good idea if you are afraid anyone is going to try to
>seriously hack with your system.

i agree with everything you said except the underlined part
-robert
 
 
 

Huge security hole in elvis (Slackware)

Post by Dan McGui » Tue, 26 Jul 1994 03:11:47




>I just discovered this:

>In Slackware, the permissions on the /usr/preserve directory are publically
>readable and the elvrec program is not suid root.  What needs to happen
>of course is to set /usr/bin/elvrec to owner=root:bin, perms=1755 and
>/usr/preserve to perms=700.

Actually, this does not seem to be a hole, unless your /usr/preserve
(on mine linked to /var/preserve) is also world-writable, or your
elvis is setuid.  If elvis can't write to the directory /usr/preserve
(mine is mode 755), when it dies it just saves the text to
/tmp/elv_PID.1, where PID is the process-ID, mode 600, owned by the
user that created the file.  No problem there...

BTW, are you sure you didn't mean 2755 for the permissions?

I wouldn't want to run elvis setuid anyway--too much potential for
other holes...
--

                           ~burning inside~

 
 
 

Huge security hole in elvis (Slackware)

Post by C. Armour-Kids » Fri, 05 Aug 1994 03:25:10






>>In Slackware, the permissions on the /usr/preserve directory are publically
>>readable and the elvrec program is not suid root.  What needs to happen
>>of course is to set /usr/bin/elvrec to owner=root:bin, perms=1755 and
>>/usr/preserve to perms=700.

>BTW, are you sure you didn't mean 2755 for the permissions?

        Actually yes.  Whenever I try to post something important, I
invariably*it up!

cak
Geekium Rex

--
+--------------------------------------------------------------------------+
| The content of this message was originally recorded on analog equipment. |
| We have attempted to preserve, as closely as possible, the content of    |
| the original recording.  Because of its high resolution, however, the    |

 
 
 

Huge security hole in elvis (Slackware)

Post by Arlie Dav » Sun, 28 Aug 1994 03:32:36



>>Making any user accessible program suid root is inherently dangerous, and
>>should be avoided as much as possible.  I'm sure elvis is pretty safe, but the
>                                                         ^^^^^^^^^^^^^^
>an editor being setuid root !!!!!!!!! what's to prevent elvis /etc/passwd

It's called "setuid(getuid());".

You don't just go around making random programs suid or sgid.

--
-- Arlie Davis          | The Point: Inexpensive, high-quality public Internet

-- System administrator | Dial direct at (812)246-8032, or over Internet.
-- E Pluribus UNIX      | FTP: ftp.thepoint.com  HTTP: http://www.thepoint.com