, Jason Thorpe <thorpej@nas.nasa.gov>
From: Brian Buhrow <buhrow@cats.ucsc.edu>
List: tech-security
Date: 11/18/1997 16:14:18
Is there something about fortune I don't understand? The old version
of fortune that I used to see had to be setuid to the games uid because it
wanted to write to its random number seed generator. I have a version that
writes nothing, so doesn't need a setuid bit of any kind. Is this the one
distributed in the NetBSD sources, or is that one still setuid to games and
scribbling away each time a user uses it?
-Brian
On Nov 18, 7:05pm, Jon Ribbens wrote:
} Subject: Re: Removing dm(1)
} Jason Thorpe <thorpej@nas.nasa.gov> wrote:
} > Care to explain this in real detail? How does the fact that a program
} > runs setuid "games" (which gives it permission to write high scores
} > files, among other things) allow me to access the account of any user
} > that runs a game?
} >
} > The fact that a user has an euid of "games" gives them nothing more
} > than the ability to run the games otherwise controlled by dm, and
} > write high scores files. Worrying about whether or not a user has
} > critical files writable by "games" is like worrying whether or not
} > that user has critical files writable by "nobody", in my mind.
} >
} > If I have missed some important details, please enlighten me. But
} > I'm not interested in rhetoric.
}
} The really, really important detail you have missed is that being
} user 'games' allows you to write to the games binaries. It would be
} the work of a few seconds to replace all the games by programs which
} create a setuid shell somewhere and then run the original binary.
}
} What is arguably even more important about this is that some things
} which people don't think of as 'games' are run by 'dm' - e.g. 'fortune'.
} I have seen more than one system where fortune is run on login. Next
} time root logs in - bang.
}
} Cheers
}
}
} Jon
} ____
} \ // Jon Ribbens // 100MB virtual-hosted // www.oaktree.co.uk
} \// jon@oaktree.co.uk // web space for 99UKP //
>-- End of excerpt from Jon Ribbens