home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!ferkel.ucsb.edu!taco!rock!stanford.edu!bcm!cs.utexas.edu!zaphod.mps.ohio-state.edu!uwm.edu!ogicse!news.u.washington.edu!carson.u.washington.edu!dittrich
- From: dittrich@carson.u.washington.edu (Dave Dittrich)
- Newsgroups: comp.security.misc
- Subject: Re: gnumake SGID: potential security hole?
- Message-ID: <1992Nov18.210743.26908@u.washington.edu>
- Date: 18 Nov 92 21:07:43 GMT
- Article-I.D.: u.1992Nov18.210743.26908
- References: <MELLAN.92Nov17131950@syst06.acri.fr> <1992Nov17.165157.6769@ulysses.att.com>
- Sender: news@u.washington.edu (USENET News System)
- Organization: University of Washington
- Lines: 21
-
- smb@ulysses.att.com (Steven Bellovin) writes:
-
- >In article <MELLAN.92Nov17131950@syst06.acri.fr>, mellan@syst06.acri.fr (Alain Mellan) writes:
- >>
- >> I just discovered today that gnumake is installed with SGID bit, and
- >> belongs to user root, group kmem.
- >>
- >> Am I right to be suspicious ? The kmem SGID will allow gnumake to
- >> read into /dev/kmem the info needed for load balancing, but is that
- >> all?
-
- >Someone who can read /dev/kmem can also read interesting things like
- >typed passwords in tty input buffers, and disk blocks from read-protected
- >files. I have no idea whether or not it's possible to trick gnumake
- >into doing those things -- for example, if it doesn't properly reset
- >its setgidness and close the file descriptor before execing a user program.
- >There's a definite risk here, if things weren't done properly.
-
- I guess if you are worried you should simply RTFC (after all, gnumake *is*
- public domain -- but because of this fact I would doubt any security holes
- would go unnoticed this long). You could also try one of the gnu groups.
-
