Subject: Re: [lids] bug
From: Georg Zoeller (zoeller MEFFERT.DE)
Date: Fri Aug 04 2000 - 09:53:38 CDT
/lidadm -S -- -LIDS seems to contain this bug too, in a way:
---------------
(user2 is a standard non root user!)
login....
....................................................................
bash$ joe /etc/passwd
(file is shown as readonly, cannot be modified)
bash$ su
Password:
[root penguin user]# /sbin/lidsadm -S -- -LIDS
SWITCH
enter password:
[root penguin user]#su user2
bash$ joe /etc/passwd
(file is not read-only, can be modified)
bash$ joe /etc/fstab
(file is not read only, can be modified)
bash$ ls -l /etc/fstab
-rw-r--r-- 1 root root 684 Jul 24 16:28 /etc/fstab
bash$ exit
[root penguin user]#exit
bash$ joe /etc/passwd
(file is shown as readonly, cannot be modified)
......................................................................
Seems to me that the -LIDS shell does not drop the root privileges when
switching to non-root accounts.
regards
georg
----- Original Message -----
From: "Kevin H Kamel" <kamelkev glue.umd.edu>
To: <lids egroups.com>
Sent: Friday, August 04, 2000 4:27 PM
Subject: Re: [lids] bug
>
>
> I've never issued -LIDS_GLOBAL either. I usually just do -LIDS... does
> -LIDS do this same thing? I thought that -LIDS would only allow that
> particular session to be running as UID=0, but you need to be root to turn
> it off anyway, so that doesn't really matter...
>
> why would you run this -LIDS_GLOBAL? From the security standpoint maybe
> that shouldn't exist at all?
>
> -Kevin
>
>
> On Fri, 4 Aug 2000, Georg Zoeller wrote:
>
> > ... granted, it is very seldom that I boot with /security=0 (and if I do
> > I'll disconnect from the net),
> > but from time to time you'll need to issue a -LIDS_GLOBAL to test some
> > things and then it
> > really gets ugly. What is severe if not having all users running as kind of
> > uid=0 on your system?
> >
> > regards
> > georg
> >
> > ----- Original Message -----
> > From: "Kevin Kamel" <kamelkev glue.umd.edu>
> > To: <lids egroups.com>
> > Sent: Friday, August 04, 2000 4:07 PM
> > Subject: [lids] bug
> >
> >
> > > You know the bug is a problem, but I wouldn't exactly quantify it as
> > > "severe". If your system is set up properly you would need to pass the
> > > security=0 from console to get the bug to happen. How often do you actually
> > > do this? I have *never* had to boot the kernel with security=0, I thought
> > > that was just in emergency cases when you really screwed up your
> > > configuration. So if you have the "buggy" version right now, just make sure
> > > you disconnect from the net if you're going to do security=0, short of that
> > > you should be ok...
> > >
> > > -Kevin Kamel
> > >
>
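
An added check (not part of the original message or of LIDS) for the symptom in the transcript above, where /etc/fstab is mode 0644 root:root yet writable by user2. Run as the non-root account, it flags files that are writable although the owner/group/mode bits deny write. The function names are hypothetical; it assumes `stat -c` (GNU coreutils or BusyBox) and ignores POSIX ACLs.

```shell
#!/bin/sh
# Added example: compare what the kernel actually permits ([ -w ]) with what
# the classic Unix permission bits say. A mismatch for a non-root user means
# something other than DAC is granting access (e.g. leaked root privileges).

# dac_allows_write UID "GID LIST" OWNER GROUP OCTAL_MODE
# Returns 0 if the mode bits grant write to that uid/gid set.
dac_allows_write() {
    m=$((0$5))                      # leading 0 makes the mode octal
    if [ "$1" -eq "$3" ]; then
        bit=$((m & 0200))           # owner class applies exclusively
    else
        case " $2 " in
            *" $4 "*) bit=$((m & 0020)) ;;   # group class
            *)        bit=$((m & 0002)) ;;   # other class
        esac
    fi
    [ "$bit" -ne 0 ]
}

# audit_path PATH
# Returns 1 and prints a line if PATH is writable despite its mode bits,
# 0 if consistent (or if we are root), 2 if PATH cannot be examined.
audit_path() {
    me=$(id -u)
    if [ "$me" -eq 0 ]; then return 0; fi    # root bypasses DAC by design
    info=$(stat -c '%u %g %a' -- "$1") || return 2
    set -- "$1" $info                         # $2=owner $3=group $4=mode
    if [ -w "$1" ] && ! dac_allows_write "$me" "$(id -G)" "$2" "$3" "$4"; then
        echo "MISMATCH: $1 (owner=$2 group=$3 mode=$4) writable by uid $me"
        return 1
    fi
    return 0
}

# audit_all PATH...: audit every path, return 1 if any mismatch was found.
audit_all() {
    rc=0
    for f in "$@"; do
        audit_path "$f" || rc=1
    done
    return $rc
}

# Example: sh audit.sh /etc/passwd /etc/fstab   (as the non-root user)
if [ $# -gt 0 ]; then audit_all "$@"; fi
```
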