Re: Samba 3.x + kernel 2.6.x local root vulnerability

From: Frank Louwers (frank_at_openminds.be)
Date: 02/10/04

  • Next message: Stephen Martin: "RE: Hysterical first technical alert from US-CERT" 
    Date: Tue, 10 Feb 2004 08:42:29 +0100
To: bugtraq@securityfocus.com

    On Mon, Feb 09, 2004 at 02:03:47PM -0800, Seth Arnold wrote:
    > On Mon, Feb 09, 2004 at 10:23:03PM +0100, Michal Medvecky wrote:
    >
    > I haven't got a clue what you're trying to accomplish. If you don't want
    > a setuid execute, DON'T RUN chmod +s! You don't even need samba to
    > accomplish this:
    >
    >
    > I expect this behaviour out of every Linux, BSD, commercial Unix,
    > Windows NT with POSIX emulation, QNX, etc.
    >
    > Can you please explain what specifically bothers you?

    I think his point is this:

    Image you have a user account luser on box foo. You do not have root on
    foo. However, you do have root on box bar. If you are allowed to
    smbmount stuff on foo as user luser, (which is a BadThing(tm), but
    default behaviour on some systems as it seems), and you smbmount a share
    on bar, and use that suid shell, you actually have root control on foo!

    Kind Regards,
    Frank Louwers 

    -- 
Openminds bvba                www.openminds.be
Tweebruggenstraat 16  -  9000 Gent  -  Belgium

  • Next message: Stephen Martin: "RE: Hysterical first technical alert from US-CERT"

    Relevant Pages

    • Re: Re: Ruby/Tk: How to access surrounding class from Tk Callback?
      ... # Do something with @root and @foo ... puts @root.foo # DOES NOT WORK ... @root in your button's command is an instance variable ...
      (comp.lang.ruby)
    • Re: How to Configure Qmail on Fedora Core 1 Server
      ... > could well be good security reasons for root not to read his mail while ... Having options in the config file to ... All you need to do is to create another account 'foo' and alias root's ...
      (Fedora)
    • Re: How to Configure Qmail on Fedora Core 1 Server
      ... >>could well be good security reasons for root not to read his mail while ... >>while sitting at the desk) and on a Windows machine, no less, seems even ... >mail to foo. ... The foo account need not even have a valid shell to ...
      (Fedora)
    • [Fwd: Re: No printing at all!]
      ... I tested them, as I'll write below, only on a single machine ... > login as root and you should get a reasonable idea of what is going on. ... that allows only users in group foo, on one machine with several users, ... machine will be able to to change these settings ... ...
      (Debian-User)
    • Re: Samba 3.x + kernel 2.6.x local root vulnerability
      ... > Image you have a user account luser on box foo. ... you do have root on box bar. ... - It is not a requirement that you mount the fs as a luser. ... smbfs fakes the uid/gid as given to it by smbmnt ...
      (Bugtraq)