Subject: Re: [suse-security] SuSE Security Announcement - aaa_base
To: Thomas Michael Wanka <tm_wanka@earthling.net>
From: David Brownlee <abs@netbsd.org>
List: tech-security
Date: 05/01/2000 16:35:19
If you need certain users to have a 'just something' homedir,
create /home/nothing or similar, owned by root.
David/absolute
-- www.netbsd.org: Value design over hype --
On Sat, 29 Apr 2000, Thomas Michael Wanka wrote:
> Hi,
>
> I include some security information I just got. I have some users' homedirs set to
> /tmp as they need to be there by default. Am I right that the mentioned
> security issue (bash profiles in /tmp) affects my system?
>
> thanks
>
> mike
>
> On 29 Apr 2000, at 16:28, wrote:
>
> > Two vulnerabilities have been found:
> >
> > 1) The cron job /etc/cron.daily/aaa_base does a daily checking of files in
> > /tmp and /var/tmp, where old files will be deleted if configured to do so.
> > Please note that this feature is NOT activated by default.
> >
> > 2) Some system accounts have their home directories set to /tmp by default.
> > These are the users games, firewall, wwwrun and nobody on a SuSE 6.4.
> >
> > 2. Impact
> >
> > 1) If the /tmp cleanup is activated, any file or directory can be deleted
> > by any local user.
> >
> > 2) If an attacker creates dot files in /tmp (e.g. bash profiles), these
> > might be executed if someone uses e.g. "su - nobody" to switch to the
> > nobody user. This can lead to a compromise of that userid.
> > This vulnerability is present in several other Unix systems as well -
> > please check all!
> >
> > 3. Solution
> >
> > 1) Update the package from our FTP server.
> >
> > 2) The root user will receive an email with the accounts listed which have
> > a home directory in /tmp. You have to fix this by hand, because some
> > installations might break if they rely on information saved in the (unsafe)
> > /tmp home directory.
> > The email will give more information on what to do.
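The check the advisory describes (accounts whose home directory is /tmp or /var/tmp, where any local user can plant a .bash_profile) and the fix David suggests (a root-owned placeholder such as /home/nothing) can both be scripted. The following is an added example for this thread, not code from the original mail, from SuSE or from NetBSD. The passwd lines are constructed; the uids and shells are made up, and the use of usermod(8) for the home-directory change is an assumption (systems without it would edit the field with vipw(8)).

```sh
#!/bin/sh
# Added example for this thread, not code from the original mail or from SuSE.
# It audits a passwd file for the condition the advisory describes (system
# accounts whose home directory is /tmp or /var/tmp) and prints a remediation
# plan that follows the suggestion in the reply: a root-owned placeholder home.

# Constructed sample passwd content. The games/firewall/wwwrun/nobody entries
# mirror the accounts the advisory names for SuSE 6.4; uids and shells are
# made up for illustration.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
games:x:12:100:Games account:/tmp:/bin/bash
firewall:x:2000:100:firewall:/tmp:/bin/false
wwwrun:x:30:65534:WWW daemon:/tmp:/bin/bash
nobody:x:65534:65534:nobody:/var/tmp:/bin/bash
mike:x:1000:100:Mike:/home/mike:/bin/bash'

# unsafe_home_accounts PASSWD_TEXT
# Prints "user:home" for every account whose home is /tmp, /var/tmp or a path
# below either of them. Field 6 of passwd(5) is the home directory.
unsafe_home_accounts() {
    printf '%s\n' "$1" | awk -F: '
        $6 == "/tmp" || $6 == "/var/tmp" ||
        $6 ~ /^\/tmp\// || $6 ~ /^\/var\/tmp\// { print $1 ":" $6 }'
}

# count_unsafe_homes PASSWD_TEXT
# Number of flagged accounts. awk is used so an empty result prints 0 without
# a non-zero exit status, which matters when the caller runs under set -e.
count_unsafe_homes() {
    unsafe_home_accounts "$1" | awk 'END { print NR }'
}

# dir_world_writable DIR
# Returns 0 when DIR is group- or world-writable, which is what makes /tmp an
# unsafe home: anyone can create dot files there. Reads the ls(1) mode string
# (position 6 = group write bit, position 9 = other write bit).
dir_world_writable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# remediation_plan PASSWD_TEXT PLACEHOLDER_HOME
# Prints, without executing, the commands an administrator would review and
# run as root. The placeholder is created owned by uid 0 and mode 0755 so no
# unprivileged user can drop a profile into it. usermod(8) is assumed to be
# available; on systems without it, edit the home field with vipw(8) instead.
remediation_plan() {
    placeholder=$2
    printf 'mkdir -p %s\n' "$placeholder"
    printf 'chown 0:0 %s\n' "$placeholder"
    printf 'chmod 0755 %s\n' "$placeholder"
    unsafe_home_accounts "$1" | while IFS=: read -r user home; do
        printf 'usermod -d %s %s   # was %s\n' "$placeholder" "$user" "$home"
    done
}

# Run the audit on the constructed sample when executed directly.
echo "Accounts with a home directory in a temp directory:"
unsafe_home_accounts "$SAMPLE_PASSWD"
echo
echo "Suggested remediation (review before running as root):"
remediation_plan "$SAMPLE_PASSWD" /home/nothing
```

To audit a real system, feed the output of `getent passwd` (or the contents of /etc/passwd) to `unsafe_home_accounts` instead of the constructed sample, and run `dir_world_writable` against any home directory it flags; the plan is printed rather than executed because, as the advisory notes, some installations rely on files kept in the old /tmp home and need a manual look first.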