[H-GEN] [Debian 2.0] /usr/bin/suidexec gives root access
Christopher Biggs
chris at stallion.oz.au
Tue Apr 28 17:45:42 EDT 1998
------- Start of forwarded message -------
Message-ID: <19980428152854.A12681 at sobolev.rhein.de>
Date: Tue, 28 Apr 1998 15:28:54 +0200
Reply-To: Thomas Roessler <roessler at guug.de>
From: Thomas Roessler <roessler at guug.de>
Subject: [Debian 2.0] /usr/bin/suidexec gives root access
To: BUGTRAQ at netspace.org
Executive summary: /usr/bin/suidexec gives every user a
root shell. Remove it.
tlr
----- Forwarded message from Thomas Roessler <roessler at guug.de> -----
Date: Tue, 28 Apr 1998 15:21:17 +0200
From: Thomas Roessler <roessler at guug.de>
Subject: suidmanager: SECURITY BREACH: /usr/bin/suidexec gives root access to every user on the system
To: submit at bugs.debian.org
Package: suidmanager
Version: 0.18
[This report also goes to the bugtraq mailing list.]
/usr/bin/suidexec will execute arbitrary commands as root,
as soon as just _one_ suid root shell script can be found
on the system: Just invoke
/usr/bin/suidexec <your program> /path/to/script
- it will happily execute your program with euid = 0. This
is completely sufficient for doing arbitrary damage on the
system.
Additionally, suidexec will fail with shells which close
all but the "standard" file descriptors on startup:
/proc/self/fd/<N> (which is the file descriptor suidexec
has opened for the shell script in question) will have
vanished after this. I am actually considering this a
feature, as it avoids some of the $HOME/.cshrc related
standard exploits.
SOLUTION: Just drop suidexec from the distribution. Trying
to do setuid shell scripts is almost always a bad idea. If
you absolutely need such things, use sudo.
-- System Information
Debian Release: 2.0 (frozen)
Kernel Version: Linux sobolev 2.0.33 #16 Sun Apr 19 23:48:02 MEST 1998 i586 unknown
Versions of the packages suidmanager depends on:
libc6 Version: 2.0.7pre1-4
----- End forwarded message -----
--
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1
------- End of forwarded message -------
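
An audit for the precondition named in the report above (at least one setuid shell script on the system), added here as an example; it is not part of the original message or of the suidmanager package. The function names and the default scan root are assumptions.

```python
import os
import stat
import sys
from typing import Iterator, NamedTuple, Optional


class Finding(NamedTuple):
    path: str
    owner_uid: int
    interpreter: str


def script_interpreter(head: bytes) -> Optional[str]:
    """Return the interpreter on a '#!' line, or None if the file is not a script."""
    if not head.startswith(b"#!"):
        return None
    fields = head[2:].split(b"\n", 1)[0].split()
    return fields[0].decode("utf-8", "replace") if fields else ""


def is_setuid_file(mode: int) -> bool:
    """True for a regular file with the setuid bit set."""
    return stat.S_ISREG(mode) and bool(mode & stat.S_ISUID)


def find_setuid_scripts(root: str) -> Iterator[Finding]:
    """Walk root without following symlinks and yield every setuid '#!' script."""
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not is_setuid_file(st.st_mode):
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(256)
            except OSError:
                continue  # unreadable or vanished entry; rerun as root to cover it
            interp = script_interpreter(head)
            if interp is not None:
                yield Finding(path, st.st_uid, interp)


if __name__ == "__main__":
    # Default scan root "/" is an assumption; pass a narrower path as argv[1].
    for f in find_setuid_scripts(sys.argv[1] if len(sys.argv) > 1 else "/"):
        owner = "ROOT" if f.owner_uid == 0 else "uid=%d" % f.owner_uid
        print("%-8s %s (interpreter: %s)" % (owner, f.path, f.interpreter))
```

Entries reported as ROOT are the scripts the report is concerned with; run the scan as root so unreadable directories are not skipped.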