Subject: Re: cvs commit: src/lib/libc/db/hash hash_buf.c
To: Jon Ribbens <jon@oaktree.co.uk>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: tech-kern
Date: 10/18/1996 11:02:07
On Fri, 18 Oct 1996 16:53:57 +0100 (BST)
Jon Ribbens <jon@oaktree.co.uk> wrote:
> The ftpd starts out as root, fetches the passwords, and then the
> user can make it setuid to themselves by typing their user-name
> and password. They can then make it core-dump (using 'kill') and
> read the encrypted passwords. I tried it just now and it worked.
> Hence this thread is not silly. Anyone with a shell account on
> a machine can trivially gain access to the shadow password file.
Umm ... I just tried this test, on my NetBSD/sparc workstation...
ftp'd to localhost, logged in as myself. Send that process a SIGSEGV
with kill(1). It definitely did not drop a core file. Just to make
sure, tried again with SIGABRT. Nup.
And, this is with a kernel that doesn't have the change Matt committed
to kern_sig.c last night :-)
> I'd appreciate it if whoever it was who patched their kernel to
> not core-dump programs which *used to be* SUID could post their
> patch here.
The relevant change that Matthew Green committed yesterday is appended
below.
> PS. Actually, it didn't work, because I'm using wu-ftpd. When
> I switched back to the standard NetBSD 1.1 ftpd for a sec to
> check it, it did work. wu-ftpd catches every signal under the
> sun and doesn't core-dump on them. This is obviously not
> a very nice solution.
Oh .. I'm running a much more recent NetBSD kernel than your are, I guess.
The coredump() function in kern_sig.c wasn't as picky in NetBSD 1.1.
The behavior I'm describing is the way it appears in NetBSD 1.2.
Jason R. Thorpe thorpej@nas.nasa.gov
NASA Ames Research Center Home: 408.866.1912
NAS: M/S 258-6 Work: 415.604.0935
Moffett Field, CA 94035 Pager: 415.428.6939
----- snip -----
Index: kern_sig.c
===================================================================
RCS file: /cvsroot/src/sys/kern/kern_sig.c,v
retrieving revision 1.57
retrieving revision 1.58
diff -c -r1.57 -r1.58
*** kern_sig.c 1996/10/13 02:32:34 1.57
--- kern_sig.c 1996/10/18 08:39:34 1.58
***************
*** 1,4 ****
! /* $NetBSD: kern_sig.c,v 1.57 1996/10/13 02:32:34 christos Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1991, 1993
--- 1,4 ----
! /* $NetBSD: kern_sig.c,v 1.58 1996/10/18 08:39:34 mrg Exp $ */
/*
* Copyright (c) 1982, 1986, 1989, 1991, 1993
***************
*** 1045,1063 ****
register struct proc *p;
{
register struct vnode *vp;
- register struct pcred *pcred = p->p_cred;
- register struct ucred *cred = pcred->pc_ucred;
register struct vmspace *vm = p->p_vmspace;
struct nameidata nd;
struct vattr vattr;
int error, error1;
char name[MAXCOMLEN+6]; /* progname.core */
struct core core;
! if (pcred->p_svuid != pcred->p_ruid ||
! cred->cr_uid != pcred->p_ruid ||
! pcred->p_svgid != pcred->p_rgid ||
! cred->cr_gid != pcred->p_rgid)
return (EFAULT);
if (USPACE + ctob(vm->vm_dsize + vm->vm_ssize) >=
p->p_rlimit[RLIMIT_CORE].rlim_cur)
--- 1045,1059 ----
register struct proc *p;
{
register struct vnode *vp;
register struct vmspace *vm = p->p_vmspace;
+ register struct ucred *cred = p->p_cred->pc_ucred;
struct nameidata nd;
struct vattr vattr;
int error, error1;
char name[MAXCOMLEN+6]; /* progname.core */
struct core core;
! if (p->p_flag & P_SUGID)
return (EFAULT);
if (USPACE + ctob(vm->vm_dsize + vm->vm_ssize) >=
p->p_rlimit[RLIMIT_CORE].rlim_cur)