Re: Environment Poisoning and login -p

From: Andrew McNaughton (andrew_at_scoop.co.nz)
Date: 02/28/04

  • Next message: Peter Rosa: "Darkstat" 
    Date: Sat, 28 Feb 2004 15:54:01 +1300 (NZDT)
To: freebsd-security@freebsd.org

    On Fri, 27 Feb 2004, Peter Pentchev wrote:
    > On Fri, Feb 27, 2004 at 05:13:53AM -0600, D J Hawkey Jr wrote:
    > > On Feb 26, at 03:03 PM, Tim Kientzle wrote:
    > > >
    > > > Andrey Chernov wrote:
    > > > >On Wed, Feb 25, 2004 at 10:54:31AM -0800, Tim Kientzle wrote:
    > > > >
    > > > >>Possible fix: Have login unconditionally discard LD_LIBRARY_PATH
    > > > >>and LD_PRELOAD from the environment, even if "-p" is specified.
    > > > >
    > > > >Yes! It is what I say from very beginning. It is so obvious that I wonder
    > > > >why others not see it first.
    > > >
    > > > Instead, I've decided to follow Jacques Vidrine's
    > > > suggestion of using a whitelist of environment variables
    > > > that are "known-safe."

    Sounds sensible for me, but it exagerates the need for a configuration
    file.

    In the sudo man page under 'SECURITY NOTES', there's some details of a
    blacklist approach taken by sudo, dealing with similar issues. Worth
    looking at while considering the extent of this problem, and because
    omissions in sudo's blacklist are likely to have been discussed somewhere
    already.

    > > Coming in from left field... Will there be some sort of mechanism for
    > > an admin to set/modify this list?

    > Surely you are aware of the consequences of s/admin/intruder/? :)
    > Still, it might be useful indeed.

    If the intruder already has root, there's not much to lose here.

    Andrew McNaughton 

    --
No added Sugar.  Not tested on animals.  May contain traces of Nuts.  If
irritation occurs, discontinue use.
-------------------------------------------------------------------
Andrew McNaughton           Currently in Boomer Bay, Tasmania
andrew@scoop.co.nz
Mobile: +61 422 753 792     http://staff.scoop.co.nz/andrew/cv.doc
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
  • Next message: Peter Rosa: "Darkstat"

    Relevant Pages

    • Re: Cant authenticate in NetInfo Manager
      ... configuration* of sudo, which is *different* than the default configuration in that it doesn't ask for a password, as supposed proof that sudo is less secure than logging into a root shell. ... Ah, so security is all about locking the stable door after the horse has bolted, and being able to work out who unlocked it and exactly which lock pick they used. ...
      (comp.sys.mac.system)
    • Re: Cant authenticate in NetInfo Manager
      ... configuration* of sudo, which is *different* than the default configuration in that it doesn't ask for a password, as supposed proof that sudo is less secure than logging into a root shell. ...
      (comp.sys.mac.system)
    • Re: New Debian Package Customization HOWTO
      ... >> sudo unless they know what they're doing. ... The sudo configuration here ... > arbitrary command run as root. ... Even if it's only in the chroot, ...
      (Debian-User)
    • Re: gksudo without sudo
      ... configure sudo in order to run any of the admin apps from the Gnome menus. ... isn't expecting to install the gui/desktop env.; ... Admin launchers configured to use gksudo, ... I do have a default Ubuntu "Desktop" configuration and ...
      (Ubuntu)
    • FW: FW: FW: Adding OpenBSD sudo to the FreeBSD base system?
      ... And stop before you come back with saying you have to configure it. ... But the next guy might want sudo and be able to give limited access to to ... Your claim is baseless. ... If sudo WERE included in the base system, the default configuration COULD ...
      (FreeBSD-Security)