
Re: Bug#58640: wrapper does not handle fakeroot well



On 2000/02/23, Roland Rosenfeld wrote:

> > as you can see if we get uid man then we just chmod the man
> > binary writable just fine and write to it.
> 
> But the suid bit will disappear after changing the file (or is this a
> special of some shells?):
> 
> $ touch setuidprog
> $ chmod 4755 setuidprog
> $ ls -l setuidprog
> -rwsr-xr-x    1 roland   wizard          0 Feb 23 13:28 setuidprog
> $ echo "we just fubared setuidprog" > setuidprog
> $ ls -l setuidprog
> -rwxr-xr-x    1 roland   wizard         27 Feb 23 13:28 setuidprog
> 
> I tried this with ash and tcsh.
> 
> Maybe I'm not paranoid enough today?

Not paranoid enough indeed.  Since we are assuming that the man user id is
compromised, what's keeping the attacker from making the man binary setuid again
after modifying it?

My 2 cents: what about a simple, non-setuid, C wrapper that does
nothing more than effectively
  setuid(nobody)
  exec(man)
If someone other than root executes this, the setuid has no effect; if root 
executes it, the man executable will be run as nobody.

	- Ruud de Rooij.
-- 
ruud de rooij | ruud@ruud.org | http://ruud.org
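
The wrapper sketched in the message above, written out in C as an added example (not code from this thread or from the man package). The path /usr/bin/man and the helper name drop_to are assumptions; the example also drops the group IDs, which the sketch does not mention, and refuses to exec man if the drop fails.

```c
/* Added example, not from the original thread: a non-setuid wrapper that
 * runs man as "nobody" when it is started by root. */
#define _DEFAULT_SOURCE 1          /* for setgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MAN_PATH "/usr/bin/man"    /* assumption: location of the real man */

/* Drop to uid/gid permanently. Returns 0 on success or when the caller is
 * not root (nothing to drop), -1 if any step fails. */
int drop_to(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 0;                  /* unprivileged caller: no effect */
    /* Order matters: supplementary groups, then gid, then uid. Once
     * setuid() has run, the process may no longer change its groups. */
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify that the drop took effect and cannot be undone. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;                 /* root was regained: treat as failure */
    return 0;
}

int main(int argc, char **argv)
{
    (void)argc;
    struct passwd *pw = getpwnam("nobody");
    if (pw == NULL) {
        fprintf(stderr, "wrapper: no such user: nobody\n");
        return 1;
    }
    if (drop_to(pw->pw_uid, pw->pw_gid) != 0) {
        perror("wrapper: cannot drop privileges");
        return 1;                  /* never exec man while still root */
    }
    execv(MAN_PATH, argv);         /* arguments passed through unchanged */
    perror("wrapper: execv");
    return 127;
}
```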


