Re: Serious Linux 2.0.34 security problem
Liviu Daia (daia@stoilow.imar.ro)
Wed, 1 Jul 1998 12:45:35 +0300
- Next message: Nathan Dorfman: "Re: more problems with mailx"
- Previous message: Pavel Kankovsky: "Re: Environment variables (SECURITY: too many new packages)"
On 30 June 1998, David Luyer <luyer@UCS.UWA.EDU.AU> wrote:

> I just saw this mentioned on linux-kernel and confirmed it;
> [ sample exploit deleted ]
>
> This can kill from a normal user account the inetd process under Linux
> 2.0.34 by sending a SIGIO. Very bad.
>
> The fix is to invert !euid to euid in fs/fcntl.c:send_sigio(); line
> number is approximately 139.

On 1 July 1998, Alan Cox <alan@LXORGUK.UKUU.ORG.UK> wrote:

> Bugtraq readers who haven't been following the Linux security audit
> project (from whence most of the Red Hat fixes came - and other
> vendors will I assume be issuing identical updates) might like to take
> a look at how their own OS handles pointing the following at files
> only root can read and running setuid apps. (or setgid usage in some
> cases such as Mutt)
> TZ
> TERMINFO
> TERMCAP
[...]
>
> A PS item btw: 2.0.35pre3 fixes the bug reported with SIGIO, and
> it should be out as 2.0.35 proper RSN - 2.0.35pre3 is a release
> candidate. We hadn't planned on a 2.0.35 release quite that soon but
> such is life.

Unfortunately, this fix seems to also break programs using SIGIO for
legitimate purposes --- like MC with subshell support. Personally, I'm
not familiar enough with the internals of either the Linux kernel or MC
to attempt to find out what's wrong with the new SIGIO handling, but you
might want to address this problem before releasing 2.0.35. I'm sure
there's a better way to fix all this.

On a completely unrelated topic, but since you mentioned Mutt: the new
handling of locales in Linux libc's 5.4.45 and 5.4.46 breaks NLS support
in binaries with either the setuid or the setgid bits set. Mutt on Linux
f.i. can't print accented characters any longer, because isprint() now
assumes the "C" locales in setgid programs. Pavel Kankovsky (the author
of this change) commented that "setuid programs should be secure, not
user friendly". Now, while I basically agree with this statement (the
implication for Mutt being that it should use an external program to
manage locking), there's probably a way to fix that kind of problem
without crippling the system. :-)

Regards,
Liviu

--
Dr. Liviu Daia                    e-mail: daia@stoilow.imar.ro
Institute of Mathematics          web page: http://www.imar.ro/~daia
of the Romanian Academy           PGP key: finger daia@stoilow.imar.ro
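The SIGIO bug David Luyer describes above comes down to one inverted condition in a permission check. As an added illustration (not code from the thread or from the Linux kernel source), here is a user-space model of that check: the buggy shape only applies the ownership test when the sender is root (`!euid`), so an unprivileged sender is never rejected; the fixed shape applies it when the sender is not root. The struct fields and the exact predicate are assumptions modelled on the 2.0-era kill() rules, not a copy of fs/fcntl.c.

```c
/* Model of the permission check a kernel must apply before delivering
 * SIGIO to the process named by F_SETOWN.  Hypothetical reconstruction;
 * field names and expression are assumptions, not kernel source. */
#include <stdbool.h>
#include <stdio.h>

struct task_model {       /* the would-be recipient of SIGIO */
    unsigned int uid;     /* real uid */
    unsigned int suid;    /* saved uid */
};

/* True when any id of the sender matches any id of the target. */
static bool ids_match(unsigned int uid, unsigned int euid,
                      const struct task_model *p)
{
    return euid == p->suid || euid == p->uid ||
           uid == p->suid || uid == p->uid;
}

/* Buggy shape (2.0.34): the ownership test only runs when the sender
 * IS root, so a normal user is never refused and root is wrongly refused. */
bool sigio_allowed_buggy(unsigned int uid, unsigned int euid,
                         const struct task_model *p)
{
    if (!euid && !ids_match(uid, euid, p))
        return false;
    return true;
}

/* Fixed shape (2.0.35pre3 direction): run the ownership test when the
 * sender is NOT root; root may always signal. */
bool sigio_allowed_fixed(unsigned int uid, unsigned int euid,
                         const struct task_model *p)
{
    if (euid && !ids_match(uid, euid, p))
        return false;
    return true;
}

int main(void)
{
    struct task_model inetd = { 0, 0 };      /* constructed: root-owned daemon */
    printf("user 1000 -> inetd, buggy: %d, fixed: %d\n",
           sigio_allowed_buggy(1000, 1000, &inetd),
           sigio_allowed_fixed(1000, 1000, &inetd));
    return 0;
}
```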