Re: Fwd: Multiple vendor 'Taylor UUCP' problems.

From: Kris Kennaway (kris@obsecurity.org)
Date: 09/09/01


Date: Sat, 8 Sep 2001 18:56:02 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: "Andrey A. Chernov" <ache@nagual.pp.ru>


On Sun, Sep 09, 2001 at 05:44:58AM +0400, Andrey A. Chernov wrote:
> On Sat, Sep 08, 2001 at 19:20:56 -0600, Todd C. Miller wrote:
> > In message <20010908180848.A94567@xor.obsecurity.org>
> > so spake Kris Kennaway (kris):
> >
> > > The vulnerability involves uucp being made to run arbitrary commands
> > > as the uucp user through specifying a custom configuration file - see
> > > bugtraq. There may be other problems resulting from user-specified
> > > configuration files. I don't have time to go through the code and fix
> > > up the revocation of privileges right now..in the meantime, this
> > > prevents the root exploit where a user replaces a uucp-owned binary
> > > like uustat, which is called daily by /etc/periodic.
> >
> > Is there really any reason to run uustat as root? Why not just run
> > it as user uucp via su? For that matter, running non-root owned
> > executables from daily seems like a really bad idea.
>
> I agree. There is no needs to deal with privileges revocation at all if
> "uucp" user itself is well restricted, just protect system "uucp" owned
> binaries from owerwritting by "uucp" user using schg flag.

That doesn't protect NFS-mounted systems, and doesn't prevent
arbitrary users from reading/modifying the UUCP spool files.

Kris



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Relevant Pages