
Re: Bug#7799: Potential Security Hole: bug with setuid/seteuid?



On Mon, 3 Mar 1997, John Goerzen wrote:

> It appears that Linux's setuid code allows a setuid program to access both
> real and effective uid files at once (without switching between the two). 
> This is contrary to how it should be implemented.

Err... No it doesn't... _(;
(it's implemented in kernel/sched.c (line ~1140 for kernel 2.0.28) if you
want to have a look at how it's done.)

> uid_t uid = geteuid();
>   seteuid(uid);

	?!

>   system("mail jgoerzen < /etc/issue");
> 
> When running this, I send myself a mail.   It should be indicated as being
> from root, but instead, the From: line reads "jgoerzen"!


	And this is the plain expected behavior since mail determines who is 
sending the mail by looking at who is logged on the tty it's called from. 
(Took me a good while to understand this when I had this problem too ;)


	Cordialement,

--
-     ** Linux **         +-------------------+             ** WAW **     -
-  vincent@debian.org     | RENARDIAS Vincent |          vincent@waw.com  -
-  Debian/GNU Linux       +-------------------+      http://www.waw.com/  -
-  http://www.debian.org/           |            WAW  (33) 4 91 81 21 45  -
-                                   |         Luminy  (33) 4 91 82 85 32  -
---------------------------------------------------------------------------

Subject: Bug#2481: sbin/ldconfig in scripts
To: "Brian C. White" <bcwhite@verisim.com>, 2481@bugs.debian.org
From: Sven Rudolph <sr1@os.inf.tu-dresden.de>
Date: 04 Mar 1997 19:10:39 +0100

"Brian C. White" <bcwhite@verisim.com> writes:

> > A lot of packages are using `ldconfig' in their {pre,post}{inst,rm}
> > scripts. If `ldconfig' is called from such a script it should not have
> > a path prepended to it. Do not use `/sbin/ldconfig' but use
> > `ldconfig'. Before installation is started with `dpkg' a check is done
> > by `dpkg' if the programs `ldconfig', `start-stop-daemon',
> > `install-info' and `update-rc.d' can be found via the PATH environment
> > variable.
> 
> While reasonable advice, I don't see why this has to remain open as
> a bug report any longer.
> 
> Does anybody have any objection if I close it?

It should not be closed unless a bug report for all the packages that
still have this problem is filed.

	Sven
-- 
Sven Rudolph <sr1@inf.tu-dresden.de> ; WWW : http://www.sax.de/~sr1/

Date: Tue, 4 Mar 1997 14:56:03 -0500 (EST)
From: dpk <dpk@egr.msu.edu>
To: debian-user@lists.debian.org
Subject: color xterm

is there a package for color xterms for debian?  if so, does anyone know 
where it is?  i have looked all over in the ftp site to find it with no luck.

thanks in advance,
dennis

=================================================================
|          dpk            |                                     |
| DECS, Systems Undergrad |  It is better for them to think you |
===========================  a fool, than to open your mouth    |
| work: 353.8892          |  and prove it.          -Mark Twain |    
| page: 253.0724          |                                     |
=================================================================


Subject: Bug#2481: sbin/ldconfig in scripts
Date: Tue, 04 Mar 1997 13:37:30 -0500
From: "Brian C. White" <bcwhite@verisim.com>
Organization: Verisim, Inc.  http://www.verisim.com/
To: Sven Rudolph <sr1@os.inf.tu-dresden.de>
CC: 2481@bugs.debian.org

> > > A lot of packages are using `ldconfig' in their {pre,post}{inst,rm}
> > > scripts. If `ldconfig' is called from such a script it should not have
> > > a path prepended to it. Do not use `/sbin/ldconfig' but use
> > > `ldconfig'. Before installation is started with `dpkg' a check is done
> > > by `dpkg' if the programs `ldconfig', `start-stop-daemon',
> > > `install-info' and `update-rc.d' can be found via the PATH environment
> > > variable.
> >
> > While reasonable advice, I don't see why this has to remain open as
> > a bug report any longer.
> >
> > Does anybody have any objection if I close it?
> 
> It should not be closed unless a bug report for all the packages that
> still have this problem is filed.

If dpkg guarantees that at least /usr/sbin:/usr/bin:/sbin:/bin are in
the path, then everything can forget about paths.  This would be a more
general solution and a bit cleaner over all.  This would require changing
tests like

	if [ -x $file ]

into something like:

	if [ -n "`type -path $file`" ]

That version of "type" is specific to bash, though.  Perhaps:

	filepath=`which $file`
	if [ "`basename $filepath`" = "`basename $file`" ]

                                          Brian
                                 ( bcwhite@verisim.com )

-------------------------------------------------------------------------------
   Give others some insight into YOUR pages!  http://www.verisim.com/insite/
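
The PATH lookup discussed in this message, written without the bash-specific `type` and without `which`, as an added example that is not part of the original post or of dpkg. It goes one step further than the message: because maintainer scripts run as root, it also reports when the first hit lies outside the four directories named above. The names `find_in_path`, `check_trusted` and `TRUSTED_DIRS` are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. TRUSTED_DIRS holds the directories the
# message proposes dpkg should guarantee; the function names are hypothetical.
TRUSTED_DIRS="/usr/sbin:/usr/bin:/sbin:/bin"

# find_in_path NAME [LIST]: print the first executable regular file NAME in
# the colon-separated LIST (default $PATH). Runs in a subshell, so the IFS
# and globbing changes do not leak into the calling script.
find_in_path() (
    name=$1
    list=${2-$PATH}:              # trailing ':' keeps a final empty element
    case $name in
        ''|*/*) exit 1 ;;         # only bare names are searched via PATH
    esac
    IFS=:
    set -f
    for dir in $list; do
        [ -n "$dir" ] || dir=.    # an empty PATH element means the cwd
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            exit 0
        fi
    done
    exit 1
)

# check_trusted NAME: 0 if NAME resolves into TRUSTED_DIRS, 1 if it is not
# on PATH at all, 2 if the first hit lies elsewhere (e.g. "." or /tmp).
check_trusted() {
    hit=`find_in_path "$1"` || return 1
    case ":$TRUSTED_DIRS:" in
        *":${hit%/*}:"*) return 0 ;;
        *) return 2 ;;
    esac
}

# The four programs the quoted report says dpkg looks for before installing.
for prog in ldconfig start-stop-daemon install-info update-rc.d; do
    rc=0
    check_trusted "$prog" || rc=$?
    echo "$prog: status $rc"
done
```

A script that gets status 2 is about to run a same-named program from a directory that an unprivileged user may be able to write to, which is the case a bare `ldconfig` call cannot detect on its own.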

To: debian-devel@lists.debian.org
Subject: dwww status
Date: Tue, 04 Mar 1997 11:59:58 -0800
From: Jim Pick <jim@jimpick.com>


It looks like I won't be able to release dwww until next weekend.

Some unforeseen system/network/sendmail/ppp/NIS/xntp/etc.. problems ate up
all of my free time.  Arrrghhh.

Cheers,

 - Jim

