Bug#689562: utempter: Allows fake host setting
Some relevant discussion:
http://archives.neohapsis.com/archives/linux/lsap/2001-q1/0067.html
>> After reading the code, ... utempter
>> allow for setting arbitrary ut_host's.
>
> Hm, version 0.5 which is what we're using has this:
>
> if (!getuid()) {
>     host = argv[3]; /* either NULL or something real */
> } else {
>     host = NULL;
> }
>
> which seems perfectly safe to me.
I didn't notice the UID check. Why would utempter be run
as root, though? ...
...
> ... Or take ut_host; connecting to your sshd and making the
> reverse lookup return funky stuff definitely has potential as well.
Yes, and I am not sure of where this should be fixed. Maybe the libc
interface should sanitize the structure contents before writing? But
then there's not even a return value to indicate the error. Perhaps,
just log the IP address when the hostname looks bad? (The IP address
is (should be) also logged separately either way.)
Cheers, Paul
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
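
The fallback suggested in the message above (record the IP address when the hostname looks bad), sketched as an added example; it is not code from utempter or libc. The names `hostname_looks_sane`, `fill_host_field` and `HOST_FIELD_LEN` are hypothetical, and the numeric address string is assumed to come from the socket itself rather than from a lookup.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOST_FIELD_LEN 256 /* assumed field size (glibc UT_HOSTSIZE is 256) */

/* 1 if name is dot-separated labels of ASCII letters, digits and '-',
 * with no empty label and no label starting or ending in '-'. */
static int hostname_looks_sane(const char *name)
{
    size_t len, i, label = 0;

    if (name == NULL || (len = strlen(name)) == 0 || len > HOST_FIELD_LEN)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0 || name[i - 1] == '-')
                return 0;           /* empty label, or label ends in '-' */
            label = 0;
        } else if (c < 0x80 && (isalnum(c) || c == '-')) {
            if ((c == '-' && label == 0) || ++label > 63)
                return 0;           /* leading '-', or label over 63 bytes */
        } else {
            return 0;               /* control, space, 8-bit, punctuation */
        }
    }
    return name[len - 1] != '-';
}

/* Fill the NUL-padded host field: the looked-up name if sane, otherwise
 * the numeric address text. Returns 1 if the name was kept, else 0. */
int fill_host_field(char out[HOST_FIELD_LEN], const char *rdns, const char *ip)
{
    int ok = hostname_looks_sane(rdns);
    const char *src = ok ? rdns : (ip ? ip : "");
    size_t n = strlen(src);

    memset(out, 0, HOST_FIELD_LEN);
    memcpy(out, src, n < HOST_FIELD_LEN ? n : HOST_FIELD_LEN);
    return ok;
}
```

The return value gives the caller the error indication the message notes is missing, so a rejected name can also be logged.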