
Bug#299007: base-files: Insecure PATH



On Thu, Mar 17, 2005 at 05:43:19AM +1100, psz@maths.usyd.edu.au wrote:
> "Brendan O'Dea" <bod@debian.org> wrote:
> 
> > ... there's more at stake here than just PATH, since perl for example has
> > /usr/local/{lib,share}/perl earlier in @INC than /usr/{lib,share}/perl... 
> > 
> > I'm not sure what the emacs site-lisp search order is, but that may well
> > provide a similar vector.
> 
> Thanks for pointing out those avenues of attack.
> 
> In your summary you seem to have missed that any machines that share user
> files via writable NFS mounts are vulnerable. (Are vulnerable if you mount
> an NFS filesystem that is writable to others.)

No, that is not true. You need to use root_squash for any semblance of
security anyway. In that case you can also use squash_gids to prevent
the attack. 

It is a security flaw with NFS rather than with Debian. I can design a
system so that random users can override any files not in group bin.
Will that make it a Debian bug?

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here. 
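
The thread's concern is search order: a directory that others can write to being searched before a protected one, whether in PATH or in perl's @INC. The following audit is an added example, not part of the original message or of base-files; the function names are hypothetical, and it assumes group/other write bits are a sufficient signal (it knows nothing about NFS export options such as root_squash).

```python
import os
import stat

WRITE_BITS = stat.S_IWGRP | stat.S_IWOTH

def effective_mode(path):
    """Mode of path, or of its nearest existing ancestor when path is
    missing (whoever can write the ancestor can create the directory)."""
    path = os.path.abspath(path)
    while True:
        try:
            return os.stat(path).st_mode
        except OSError:
            parent = os.path.dirname(path)
            if parent == path:
                return 0
            path = parent

def audit_search_path(entries):
    """Return (position, entry, reason) for every entry that can shadow a
    later, better-protected entry in the same search order."""
    reasons = []
    for entry in entries:
        if not os.path.isabs(entry):
            # An empty or relative entry resolves against the caller's cwd.
            reasons.append("relative to the current directory")
        elif effective_mode(entry) & WRITE_BITS:
            reasons.append("writable by group or other")
        else:
            reasons.append(None)
    findings = []
    for i, reason in enumerate(reasons):
        # Ordering only matters if something stricter is searched later.
        if reason and any(r is None for r in reasons[i + 1:]):
            findings.append((i, entries[i], reason))
    return findings

if __name__ == "__main__":
    path = os.environ.get("PATH", "").split(os.pathsep)
    for pos, entry, reason in audit_search_path(path):
        print(f"{pos}: {entry!r} is {reason} and precedes stricter entries")
```

The same function can be fed perl's search order by passing it the entries of @INC instead of PATH.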


