|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Irix tape devices + logs + su
Harhalakis Stefanos (v13
AETOS.IT.TEITHE.GR)Thu, 17 Dec 1998 09:39:11 +0200
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Patrick Gilbert: "Detecting the "undetectable"."
- Previous message: Stefan Laudat: "OSS nice tmp race"
- Next in thread: Valdis.KletnieksVT.EDU: "Re: Irix tape devices + logs + su"
I don't know if those are known stories. Anyway... on Irix 6.4 the tape devices (in /hw/tape) may be created with false permissions. I think that they are created using the current umask. (When using su, the current umask will not change (unless there is a umask entry in root's .cshrc)). So it is possible to have those devices with mode 644 or even 666, which is bad news, because anyone could use xfsrestore to get any file. Also, /var/adm/SYSLOG contains the failed login names (even if they don't exist) and by default, this file is forced to be mode 644 (root's crontab will take care for this, when rotating the logs). Finaly, when using su, the user's .cshrc will be executed with privileges of the target user (if the su is succesful). For example, if user nobody has a cp /bin/sh /tmp; chmod 6755 /tmp/sh in his .cshrc and he use su to become root, a rootshell will be available in /tmp :) This is valid only for succesfull su's <<V13>>
- Next message: Patrick Gilbert: "Detecting the "undetectable"."
- Previous message: Stefan Laudat: "OSS nice tmp race"
- Next in thread: Valdis.KletnieksVT.EDU: "Re: Irix tape devices + logs + su"