[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] Sheflug Meeting / AccessSpace NIS

To: Sheflug <sheflug [at] vuw.ac.nz>
Subject: Re: [Sheflug] Sheflug Meeting / AccessSpace NIS
From: Matthew Palmer <nospam [at] ieee.uow.edu.au>
Date: Tue, 3 Apr 2001 11:27:31 +1000 (EST)
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: sheflug-bounce [at] vuw.ac.nz

On Mon, 2 Apr 2001, Will Newton wrote:

> > > The two vulnerabilities I refer to (The DEADJOE problem and reading .joerc
> > > from cwd) are not so much things to be fixed, as things it makes no sense
> > > to do in the first place.
> >
> > Reading .joerc from pwd is a good thing under a great many circumstances -
> > for instance, if you want to enforce certain code style rules for a project,
> > you can put a .joerc for that directory.
> 
> Theoretically yes. In practice no. It may be convenient now but next time
> you edit a file as root it may not be so convenient.

Or, alternately you could just avoid editing files in world-writable places
like /tmp.  After all, where, as root, are you likely to be editing files? 
In /etc, OK, users can't write there.  In your home dir, perhaps, but not
that often.  In a user's home dir - not as root, I hope, but rather su'd as
the user, where you lose your root privs and are running as the user who
wants to attack you - all they're going to do is smear themselves all across
the disk.

Basically, the .joerc hole is one which will bite admins with little clue,
and is unlikely to hassle those of us who use root only when required.

> And the DEADJOE problem is basically a temp file attack (in essence).

That is, potentially, a more serious problem, since DEADJOE is created in
the directory of the edited file, and (occasionally) root may want to edit
files in /tmp.  Creating a DEADJOE file, however, is still better than
losing a chunk of typed text when the modem link dies.  A little more
thought just needed to be put into the creation of the DEADJOE files.
Exploiting that error, too, is a *lot* more difficult - it's basically a
case of random chance that the root user is the one who is editing a file
in a publically writable directory when the editor receives a deadly signal
(which, incidentally, ordinary users can't send to that process).

-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
mjp16@ieee.uow.edu.au

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] Sheflug Meeting / AccessSpace NIS
  - From: Will Newton <will [at] misconception.org.uk>

References:
- Re: [Sheflug] Sheflug Meeting / AccessSpace NIS
  - From: Will Newton <will [at] misconception.org.uk>

Prev by Date: [Sheflug] [OT]: 1st April RFC's
Next by Date: Re: [Sheflug] Sheflug Meeting / AccessSpace NIS
Prev by thread: Re: [Sheflug] Sheflug Meeting / AccessSpace NIS
Next by thread: Re: [Sheflug] Sheflug Meeting / AccessSpace NIS
Index(es):
- Date
- Thread