[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#58640: wrapper does not handle fakeroot well

On 2000/02/23, Roland Rosenfeld wrote:

> > as you can see if we get uid man then we just just chmod the man
> > binary writable just fine and write to it.
> But the suid bit will disappear after changing the file (or is this a
> special of some shells?):
> $ touch setuidprog
> $ chmod 4755 setuidprog
> $ ls -l setuidprog
> -rwsr-xr-x    1 roland   wizard          0 Feb 23 13:28 setuidprog
> $ echo "we just fubared setuidprog" > setuidprog
> $ ls -l setuidprog
> -rwxr-xr-x    1 roland   wizard         27 Feb 23 13:28 setuidprog
> I tried this with ash and tcsh.
> Maybe I'm not paranoid enough today?

Not paranoid enough indeed.  Since we are assuming that the man user id is
compromised, what's keeping the attacker from making the man binary setuid gain
after modifying it?

My 2 cents: what about a simple, non-setuid, C wrapper that does
nothing more than effectively
If someone other than root executes this, the setuid has no effect; if root 
executes it, the man executable will be run as nobody.

	- Ruud de Rooij.
ruud de rooij | ruud@ruud.org | http://ruud.org

Reply to: