Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1996: Re: setuid lp script

Re: setuid lp script

Casper Dik (casperholland.Sun.COM)
Thu, 15 Aug 1996 17:46:45 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: donparanoia.com: "Re: [linux-security] Re: Possible bufferoverflow condition in"
Previous message: Gene Titus: "Re: Tracking tools?"
In reply to: Francis Liu: "setuid lp script"

>What is the purpose of /etc/lp/alters/printers on a solaris machine?
>It is a setuid lp script.  I have run Casper's fix-modes script, but
>this file's permissions were not changed.


The fix-modes script only fixed about 4000+ group writable files/directories.

It doesn't fix set-uid/set-gid programs that shouldn't be.

(Such as sulogin, login,  /sbin/su)

I have no idea what /etc/lp/alerts/printers does.

However, I never bothered to get it fixed because it's harmless.

A set-uid shell script that doesn't start with "#!/bin/sh -p" will
cause /bin/sh to reset the euid back to the ruid immediately.


As truss shows:

4423:   execve("/etc/lp/alerts/printer", 0xEFFFF7F4, 0xEFFFF7FC)  argc = 2
4423:       *** SUID: ruid/euid/suid = 1001 / 71 / 71  ***
4423:   getuid()                                        = 1001 [71]
4423:   getuid()                                        = 1001 [71]
4423:   setuid(1001)                                   = 0


(note that getuid() and geteuid() are one and the same system call,
it returns both values in different registers)

Casper

Next message: donparanoia.com: "Re: [linux-security] Re: Possible bufferoverflow condition in"
Previous message: Gene Titus: "Re: Tracking tools?"
In reply to: Francis Liu: "setuid lp script"