Subject: Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks
From: Alexander Schreiber (alexander.schreiber INFORMATIK.TU-CHEMNITZ.DE)
Date: Fri Nov 10 2000 - 17:01:13 CST
- Next message: FreeBSD Security Advisories: "FreeBSD Ports Security Advisory: FreeBSD-SA-00:67.gnupg"
- Previous message: Hugo Caye: "CA's InoculateIT Agent for Exchange Server"
- In reply to: Michal Zalewski: "numerous free/paid account systems are vulnerable to privledgeselevation attacks"
- Next in thread: Michal Zalewski: "Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks"
- Reply: Alexander Schreiber: "Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks"
- Reply: Michal Zalewski: "Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks"
Hi!
On Fri, 10 Nov 2000, Michal Zalewski wrote:
> This problem is not related to any specific product or solution, but
> affects a pretty huge part of the ISP installations. The problem is a direct
> effect of the default account creation policy launched by OpenBSD, RedHat,
> and some other vendors, where every user has its own, corresponding gid.
Debian 2.2 (potato) default install checks for this:
<cite>
boromir:~# adduser kmem
adduser: The group `kmem' already exists.
</cite>
You can create such a user with the useradd tool, but useradd defaults
to give this user gid 100 (users). You can of course explicitly specify
group kmem, but then
- you are root,
- you use useradd instead of the do-all-and-be-happy adduser
so you can be expected to know what you are doing.
Regards,
Alex.
--
------------------------------------------------------------------------------
EMail : alsthangorodrim.de | WWW : http://www.thangorodrim.de/
"I think there's a world market for about five computers."
  -- attr. Thomas J. Watson (Chairman of the Board, IBM), 1943
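
The adduser refusal shown in this message, generalized as an added example (not part of the original post and not Debian's adduser code): a pre-creation check that rejects a requested account name when a group of that name already exists, plus an audit for regular accounts whose primary group is a same-named system group. The function names, the constructed sample data and the UID threshold of 1000 are assumptions.

```shell
#!/bin/sh
# Added example; function names, sample data and UID_MIN=1000 are assumptions.

# Write constructed sample group(5) and passwd(5) data to the two given paths.
make_sample() {
    cat > "$1" <<'EOF'
root:x:0:
kmem:x:15:
users:x:100:
alice:x:1000:
EOF
    cat > "$2" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/sh
kmem:x:1001:15::/home/kmem:/bin/sh
bob:x:1002:100::/home/bob:/bin/sh
EOF
}

# name_is_free GROUP_FILE NAME: succeed only if NAME is a plain account name
# and no group of that name exists yet (the check adduser is shown making).
name_is_free() {
    case "$2" in
        ''|*[!a-z0-9_-]*) return 1 ;;   # reject empty names and odd characters
    esac
    ! awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# audit_shared_gid GROUP_FILE PASSWD_FILE UID_MIN: print "user:group:gid" for
# each regular account (uid >= UID_MIN) whose primary group carries the
# account's own name but has a gid below UID_MIN, i.e. a system group.
audit_shared_gid() {
    awk -F: -v min="$3" '
        NR == FNR { gname[$3] = $1; next }    # first file: map gid -> group name
        $3 >= min && $4 < min && gname[$4] == $1 { print $1 ":" gname[$4] ":" $4 }
    ' "$1" "$2"
}

# Demo on the constructed data: "kmem" is refused, "carol" is accepted, and
# the audit reports the existing kmem account.
tmp=$(mktemp -d)
make_sample "$tmp/group" "$tmp/passwd"
for n in kmem carol; do
    if name_is_free "$tmp/group" "$n"; then echo "$n: ok to create"
    else echo "$n: refused, group of that name exists"; fi
done
audit_shared_gid "$tmp/group" "$tmp/passwd" 1000
rm -rf "$tmp"
```

To audit a live system, pass `/etc/group` and `/etc/passwd` with the site's own first regular UID in place of 1000.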