Subject: Re: RH 6.1 / 6.2 minicom vulnerability
From: Sylvain Robitaille (sylALCOR.CONCORDIA.CA)
Date: Tue Aug 29 2000 - 19:57:45 CDT


Ben Lull wrote:

> ... Yep Slackware (7.x) too using minicom 1.82 and 1.82.1

Just for the record, I checked with Slackware-4, which also has
minicom-1.82, (but I've already changed mine to be setgid "modem" so it
has only permission to write to the modem device).

One thing Ben's example didn't show is confirmation that this problem
follows symlinks on his system, and creates the file according to the
umask, which I've found to be the case on mine:

  : charlotte[syl] ~; ln -s /tmp/foo .
  : charlotte[syl] ~; ( umask 2 ; minicom -C foo )
  minicom: cannot open /dev/ttyS1: Permission denied
  : charlotte[syl] ~; ls -l /tmp/foo
  -rw-rw-r-- 1 syl modem 0 Aug 29 20:44 /tmp/foo

Lessons learned:

- don't install UUCP commands unless you actually need them (and most
  people really don't anymore). If you install UUCP commands, *know* what
  other programs will run with the same privileges.
- go through your system after installation and reduce permissions to
  only what's required. There's nothing on my system that would be
  writable to group modem, except of course the modem device.

--
----------------------------------------------------------------------
Sylvain Robitaille                              sylalcor.concordia.ca

Systems analyst                                   Concordia University
Instructional & Information Technology        Montreal, Quebec, Canada
----------------------------------------------------------------------
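The behaviour shown in the message above (a setgid program creating a user-named capture file through a symlink, with the privileged group and umask-derived mode) can be avoided at file-creation time. The following is an added example, not code from the post or from minicom; the helper name `open_capture_as_user` is hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not minicom code): create a user-named capture file
 * from a setgid program. Returns an open fd, or -1 with errno set. */
int open_capture_as_user(const char *path)
{
    gid_t user_gid = getgid();   /* group of the invoking user */
    gid_t priv_gid = getegid();  /* e.g. "modem" when installed setgid */
    int fd, saved_errno;

    /* Create the file with the user's own group, so the setgid group
     * never ends up owning a file whose location the user chose. */
    if (setegid(user_gid) != 0)
        return -1;

    /* O_CREAT|O_EXCL fails if the name already exists, including when it
     * is a symlink (dangling or not); O_NOFOLLOW states the intent.
     * Mode 0600 caps the permissions whatever the caller's umask is. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    saved_errno = errno;

    /* Take the privileged group back; it is needed for the modem device only. */
    if (setegid(priv_gid) != 0) {
        if (fd >= 0)
            close(fd);
        return -1;
    }
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s capture-file\n", argv[0]);
        return 2;
    }
    int fd = open_capture_as_user(argv[1]);
    if (fd < 0) {
        perror(argv[1]);
        return 1;
    }
    close(fd);
    return 0;
}
```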