Security hole if man-2.0a2 installed setuid

Post by Kim-Minh Kapl » Thu, 02 Jun 1994 10:14:45



  There's a security hole in man-2.0a2 if the program is installed
setuid (and typing `make install' does that). Users can gain daemon's
rights, and probably root's as well. I sent a patch to correct this
to the author. In the meantime I recommend that you do:

        # chmod 755 /usr/bin/man

  Note: I think that this problem exists in all previous versions of
this man package. So even if you use an old one you should not setuid
it!

---

Kim-Minh KAPLAN, 2 square des Mimosas, 75013 Paris -- France.
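
The mitigation in the post above is to take the setuid bit off the installed binary. As an added example (not part of the original post or of the man package), this POSIX shell sketch lists every setuid/setgid file under a directory with its owner, which shows whose rights a flaw in that program would hand out, and clears the bits on one file. The function names `list_setid` and `drop_setid` are hypothetical.

```shell
#!/bin/sh
# Added example: audit and remove setuid/setgid bits.
# list_setid and drop_setid are hypothetical helper names.

# list_setid DIR
# Print one line per setuid/setgid regular file under DIR:
#   <kind> TAB <owner>:<group> TAB <path>
# The owner column is the identity the program runs with when setuid.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        kind=""
        [ -u "$f" ] && kind="setuid"
        [ -g "$f" ] && kind="${kind:+$kind+}setgid"
        owner=$(ls -ld "$f" | awk '{ print $3 ":" $4 }')
        printf '%s\t%s\t%s\n' "$kind" "$owner" "$f"
    done
}

# drop_setid FILE
# Clear the setuid and setgid bits and leave the other permission bits
# untouched. On a 4755 binary the result is 755, the same mode that
# "chmod 755 /usr/bin/man" sets explicitly.
drop_setid() {
    if [ ! -f "$1" ]; then
        echo "drop_setid: $1: not a regular file" >&2
        return 1
    fi
    chmod u-s,g-s "$1"
}

# Stand-alone use: sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    list_setid "$1"
fi
```

Re-run the listing after any `make install`, since the post notes that the install step is what sets the bit.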

1. Security holes in VGA setuid-root utils

My site was broken into a few months ago using one of the VGA utilities in
/usr/bin that was setuid-root.  It has a hole which allows any file
(/etc/passwd in my case) to be overwritten.  I have since then removed the
setuid bit from it and other programs.

I would recommend against having these VGA utilities setuid-root.  In fact,
I set mine to be runnable by no one EXCEPT root.  Someone could break in
from offsite and tweak your VGA settings, preventing you from seeing what's
being done!  Has anyone else had experience with this hole?

Josh

--
       ______   printf("\x1B[1;35m\x1F\x1B[0m");            "Look to the/\
JoSH Lehan  /                                                future!"--/{}\

         \/                                  ^^^ Try Linux instead.  /______\
