- Path: sparky!uunet!vtserf!vttcf.cc.vt.edu!valdis
- From: valdis@vttcf.cc.vt.edu (Valdis Kletnieks)
- Newsgroups: comp.security.misc
- Subject: Re: Re: root-owned world-writable files
- Message-ID: <5057@vtserf.cc.vt.edu>
- Date: 23 Jul 92 02:49:35 GMT
- References: <1992Jul21.201056.662@newshost.lanl.gov> <61350001@otter.hpl.hp.com>
- Sender: news@vtserf.cc.vt.edu
- Organization: Virginia Tech, Blacksburg, VA
- Lines: 27
-
- In article <61350001@otter.hpl.hp.com> sjmz@otter.hpl.hp.com (Stefek Zaba) writes:
- >In comp.security.misc, jfowler@beta.lanl.gov (John C. Fowler) writes that
- >world-writeable root-owned files are only a problem if root trusts the
- >file contents. This is false: sometimes an attack requires a root-owned
- >file to succeed, and by linking (hard or symbolic) to the carelessly-left
- >file, this attack will succeed.
- >
- >For example: a wannabe sysadmin leaves their home directory world-writeable.
- >This allows the attacker to plant a .rhosts file which will allow them in.
- Stefek:
-
- I think you took a slight left turn while following John's logic.
- Remember that in order to trust the .rhosts, there is an *implicit*
- assumption that the *home directory* can itself be trusted.
-
- If the system hadn't trusted that the home directory contained a
- non-subverted .rhosts, the attack would have failed. As John Fowler
- said - it's only a problem if root trusts the file contents.
-
- Does anybody have a good reference to Dennis Ritchie's analysis of the
- Unix protection scheme, where he mathematically proved it secure modulo
- the set-UID/GID bit? Damned if I can remember the Bell Systems Tech
- Journal that it appeared in tho.. ;)
-
- Valdis Kletnieks
- Computer Systems Engineer
- Virginia Tech
-
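The trust dependency discussed in this post, written out as a check a defender could run before honouring a .rhosts file. This is an added example, not part of the original post; the function name, the messages and the scratch directory are assumptions made for illustration.

```python
import os
import stat
import tempfile

WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def rhosts_trust_problems(home, owner_uid, name=".rhosts"):
    """Return reasons why home/name must not be trusted (empty list = OK)."""
    problems = []
    # The directory decides who may create, replace or link the file,
    # so it is checked before the file itself.
    try:
        d = os.lstat(home)
    except OSError as e:
        return [f"cannot stat {home}: {e.strerror}"]
    if not stat.S_ISDIR(d.st_mode):
        problems.append("home is not a real directory")
    if d.st_uid not in (0, owner_uid):
        problems.append("home directory owned by another user")
    if d.st_mode & WRITABLE_BY_OTHERS:
        problems.append("home directory is group- or world-writable")
    try:
        f = os.lstat(os.path.join(home, name))  # lstat: do not follow symlinks
    except FileNotFoundError:
        return problems
    if not stat.S_ISREG(f.st_mode):
        problems.append(f"{name} is not a regular file")
    elif f.st_nlink > 1:
        problems.append(f"{name} has additional hard links")
    if f.st_uid not in (0, owner_uid):
        problems.append(f"{name} owned by another user")
    if f.st_mode & WRITABLE_BY_OTHERS:
        problems.append(f"{name} is group- or world-writable")
    return problems


def demo():
    """Constructed sample: a scratch 'home', checked tidy and then world-writable."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as home:
        rhosts = os.path.join(home, ".rhosts")
        with open(rhosts, "w") as fh:
            fh.write("trusted.example.org alice\n")  # constructed entry
        os.chmod(rhosts, 0o600)
        os.chmod(home, 0o755)
        tidy = rhosts_trust_problems(home, uid)
        os.chmod(home, 0o777)  # the world-writeable home directory case
        careless = rhosts_trust_problems(home, uid)
    return tidy, careless


if __name__ == "__main__":
    print(demo())
```

A service that refuses the file whenever this list is non-empty is no longer trusting a directory that anyone can write to.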