Re: majordomo local exploit
Subject: Re: majordomo local exploit
From: Spidey (spidey IRO.UMONTREAL.CA)
Date: Wed Dec 29 1999 - 10:29:03 CST
- Next message: Bryan Blackburn: "Fwd: Sun Security Bulletin #00192"
- Previous message: Brock Sides: "Re: majordomo local exploit"
- In reply to: Brock Tellier: "majordomo local exploit"
- Next in thread: Olaf Kirch: "Re: majordomo local exploit"
- Reply: Spidey: "Re: majordomo local exploit"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It would be important to note that on POSIX systems, the wrapper is
compiled to setuid() to the majordomo user, so this won't give a root
shell...
On other systems, you are advised to install majordomo suid 'majordomo'
instead of root.
From the "INSTALL" file:
3) Edit the Makefile, defining where Perl and the C compiler are, the
Majordomo home directory (chosen in step 2), the location of the
manual pages, the user and group that Majordomo will run under, and
the permissions for the various files and directories. If running on
a non-POSIX system, comment out the POSIX SECTION in the Makefile.
Under POSIX, wrapper must be setuid "root", even if the programs will
be running as something other than "root" (i.e., "daemon"), or it
won't work. The symptom of this is that Perl starts complaining about
security violations and "unsafe usages".
Hum... In fact, it is not really written clearly that on a non-POSIX
system one should not install the wrapper suid root, but that's how I see it
since:
#ifdef POSIX_GID
    setgid(POSIX_GID);
#else
    setgid(getegid());
#endif
#ifdef POSIX_UID
    setuid(POSIX_UID);
#else
    setuid(geteuid());
#endif
I think I will warn majordomo about this...
AnarCat
If the image gives the illusion of knowing
It is because the adage claims that to believe,
What matters would only be to see
Lofofora
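The wrapper fragment quoted in the message calls setgid() and then setuid() and shows no check of either result. As an added example (not part of the original message and not Majordomo's code), here is a privilege drop in the same order that checks every call and confirms the old identity cannot be regained; `drop_privileges` is a hypothetical name, and the demo passes the caller's own ids so it runs for any user.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not from Majordomo): permanently switch to uid/gid.
 * Returns 0 on success, -1 if a step fails or the drop is incomplete. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root may replace the supplementary group list; reduce it to
     * the target gid so no privileged group survives the drop. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;

    /* Group first: once the uid is no longer 0, setgid() is refused. */
    if (setgid(gid) != 0)
        return -1;

    /* Called as root, setuid() sets the real, effective and saved ids.
     * Called from a non-root setuid binary on a POSIX system with saved
     * ids, it changes only the effective id; the check below catches it. */
    if (setuid(uid) != 0)
        return -1;

    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;

    /* The saved set-user-ID must be gone too: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the ids we already run as, which any
     * caller may do. A real wrapper would pass its service account ids. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```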
This archive was generated by hypermail 2b27 : Wed Dec 29 1999 - 20:04:22 CST