Bug#299007: base-files: Insecure PATH
Brendan O'Dea <bod@debian.org> wrote:
> ... the current situation poses no security risks without the
> administrator choosing to add users to the staff group.
Sorry, that is wrong. Quoting from the original bug report:
> Become-any-user-but-root and become-any-group-but-root bugs are quite
> common. When a group of machines share user home directories via NFS
> exported from somewhere with default root-squash, getting root on one
> machine gives precisely that on all others of the group. There have
> been "genuine" such bugs also e.g. in sendmail [6].
Bill Allombert <allomber@math.u-bordeaux.fr> wrote:
> ... there is at least another group in Debian that is equivalent
> to root access, namely disk, and there are others that present a
> security risk (e.g. shadow). Why special-case staff?
Thanks for pointing those out! Add group tty also? All should be
"squashed" (and the objects owned by root:root instead).
Cheers,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
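An added example, not part of this thread or of base-files, of the check a practitioner would want here: a POSIX shell audit that walks a PATH and reports every directory that a non-root owner, a group such as staff, or the world could write into. It assumes ls(1) prints mode, owner and group as the first, third and fourth fields of `ls -ld` output, as GNU and BSD ls do.

```shell
#!/bin/sh
# Added example, not part of the bug thread or of Debian's base-files:
# audit each directory on a PATH and report the ones a non-root user could
# drop a binary into. POSIX sh plus ls(1) only, so it runs unmodified on
# any Debian host.

# classify_dir DIR
# Prints who, besides root, could write into DIR, as a comma-separated
# list of "world", "group:<name>" and "owner:<user>", or "ok" if none.
# Prints "missing" and returns 1 when DIR does not exist.
classify_dir() {
    dir=$1
    # ls -ld prints e.g. "drwxrwsr-x 2 root staff 4096 Mar 10 12:00 /usr/local/bin"
    set -- $(ls -ld "$dir" 2>/dev/null)
    [ "$#" -ge 4 ] || { echo missing; return 1; }
    mode=$1 owner=$3 group=$4 findings=
    # character 9 of the mode string is the "other" write bit
    case $mode in ????????w*) findings=world ;; esac
    # character 6 is the group write bit: every member of $group can plant
    # a file there, which is the staff/disk/tty situation discussed above
    case $mode in ?????w*) findings="${findings:+$findings,}group:$group" ;; esac
    # a directory owned by anyone but root is writable from that account
    [ "$owner" = root ] || findings="${findings:+$findings,}owner:$owner"
    echo "${findings:-ok}"
}

# audit_path PATHSTRING
# Walks the colon-separated list, prints "<dir>: <finding>" for each risky
# entry and returns 1 if any was found, 0 if the whole PATH is clean.
# Nonexistent entries are skipped; an empty entry means "." and is checked.
audit_path() {
    rc=0
    saved_ifs=$IFS
    IFS=:
    for d in $1; do
        IFS=$saved_ifs
        [ -n "$d" ] || d=.
        r=$(classify_dir "$d") || continue
        [ "$r" = ok ] || { printf '%s: %s\n' "$d" "$r"; rc=1; }
    done
    IFS=$saved_ifs
    return $rc
}

# Audit the caller's own PATH (or a PATH-like string passed as $1) and keep
# the verdict in AUDIT_STATUS so a wrapper can act on it.
audit_path "${1:-$PATH}" && AUDIT_STATUS=0 || AUDIT_STATUS=$?
```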