Re: Security Problem !?!

To: matthew@tebbens.idsi.net (Matthew Tebbens)
Cc: debian-user@lists.debian.org
Subject: Re: Security Problem !?!
From: joost@rulcmc.leidenuniv.nl (joost witteveen)
Date: Sat, 18 Oct 1997 18:34:06 +0200 (CEST)
Message-id: <[🔎] m0xMbpG-000CL6C@rulcmc.leidenuniv.nl>
In-reply-to: <[🔎] Pine.LNX.3.96.971018111534.2373A-100000@tebbens.idsi.net> from Matthew Tebbens at "Oct 18, 97 11:18:01 am"

> 
> No, I was not running patch as root.
> I've done it a number of times now with the same result !


Well, if that is true, then eighter you've got a setuid
patch (likely, though it means whoever did it should be banned
from ever touching a keyboard again. If you did it, then tough),
or you've really found an enourmous bug in the kernel.

As you can see, when I run patch as non-root, the files created
are not owned by root, so it only happens on your machine.

> I have not changed anything with regard to patch....
> I'll test again today, but I'm sure I'll get the same
> results.
> 
> Matthew
> 
> 
> 
> On Sat, 18 Oct 1997, joost witteveen wrote:
> 
> > > 
> > > I'm not sure if this is suppose to happen, but it sure
> > > looks serious to me...
> > > 
> > > While patching some source code I noticed that all the files
> > > that were patched were now group owned by root !?!
> > > 
> > > The command I used was:
> > > patch -p1 < patch.diff
> > > 
> > > I've done this a few times to check, and each time it changes.
> > > Is this suppose to happen ??
> > 
> > No, you're not supposed to run patch as root. Patch
> > apparently creates a new file before starting to apply the changes
> > to that particular file, and the creation happens as the UID that
> > started patch. In your case, this, as you were root when you  ran
> > patch, this UID was 0 (root).
> > 
> > See transcript where you can see the original file hoi1 has inode
> > 412018, but after patching, the inode changed to 32923. Thus patch
> > has created that file anew:
> > 
> > 
> > rulcmc:~/rommel$ echo hoi > hoi1
> > rulcmc:~/rommel$ echo hoi1 > hoi2
> > rulcmc:~/rommel$ ls -ali hoi1 hoi2
> >  412018 -rw-r--r--   1 joost    users           4 Oct 18 12:07 hoi1
> >  412019 -rw-r--r--   1 joost    users           5 Oct 18 12:07 hoi2
> > rulcmc:~/rommel$ diff -u hoi1 hoi2|patch
> > patching file `hoi1'
> > rulcmc:~/rommel$ ls -ali hoi1 hoi2
> >   32923 -rw-r--r--   1 joost    users           5 Oct 18 12:07 hoi1
> >  412019 -rw-r--r--   1 joost    users           5 Oct 18 12:07 hoi2
> > 
> > I think it's quite normal that patch creates files owned by
> > the user whos starts patch, and indeed, I wouldn't want patch
> > to mess around with the ownership of that file.
> > 
> > PS: if you really were running patch as non-root, you've descovered
> >     a very, very, very, very enourmously serious security bug.
> >     But I'm sure you haven't
> > -- 
> > joost witteveen, joostje@debian.org
> > #!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
> > $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
> > lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
> > #what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
> > 
> 


-- 
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

References:
- Re: Security Problem !?!
  - From: Matthew Tebbens <matthew@tebbens.idsi.net>

Prev by Date: Re: exim / mh problems
Next by Date: Re: problem with leafnode and gnus
Previous by thread: Re: Security Problem !?!
Next by thread: kde for debian's menu program
Index(es):
- Date
- Thread