Re: majordomo local exploit
Subject: Re: majordomo local exploit
From: Andrew Brown (atatat ATATDOT.NET)
Date: Thu Dec 30 1999 - 17:16:26 CST
>This patch should take care of that problem:
>
>--- majordomo.old Sat Oct 2 02:30:30 1999
>+++ majordomo Thu Dec 30 04:34:25 1999
>
-44,6 +44,25 
> die("$cf not readable; stopped");
> }
>
>+# Check if the cf file is owned by effective uid
>+if ((stat($cf))[4] != $>) {
>+ die("$cf not owned by effective uid; stopped");
>+}
>...
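Review bot: The ownership test in "if ((stat($cf))[4] != $>)" stats the path name rather than the file that is loaded afterwards, so the file can be swapped between this check and the load; open $cf once, stat the resulting handle, and read from that same handle. Two smaller points on the same line: if stat fails, the slice yields undef, which compares as 0 and passes the test when the effective uid is 0, so confirm that stat returned a list first; and ownership alone says nothing about group or world write permission, so test the mode field (element 2) as well.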
>Comments?
hmm...race condition?
it would really be better (in this vein) to (a) open the config file,
(b) fstat it (once, not twice) and (c) then read and eval the code
rather than using require (since you can't "require" a file handle).
of course...using a config file of perl is nice, since you *can*
simply require it, but a parsed config file that just sets variables
is better since it implicitly disallows attacks like this.
--
|-----< "CODE WARRIOR" >-----|
codewarriordaemon.org * "ah! i see you have the internet
twofsonet graffiti.com (Andrew Brown) that goes *ping*!"
andrew crossbar.com * "information is power -- share the wealth."
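
The sequence suggested in the reply above (open once, fstat the handle, read from that same handle), combined with the parsed-config alternative it mentions, as an added example that is not part of the original message or of Majordomo. The name load_config, the extra mode-bit check and the sample settings are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not Majordomo code: check and read a config via one handle.
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempfile);

# Hypothetical helper. Open first, then stat the *handle*, so the checks
# and the read refer to the same inode even if the path is swapped later.
sub load_config {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "$path not readable: $!; stopped\n";
    my @st = stat($fh) or die "cannot stat $path: $!; stopped\n";
    die "$path is not a regular file; stopped\n" unless S_ISREG($st[2]);
    die "$path not owned by effective uid; stopped\n" unless $st[4] == $>;
    die "$path is group/world writable; stopped\n"
        if $st[2] & (S_IWGRP | S_IWOTH);

    # Parse "name = value" lines instead of evaluating Perl: the file
    # can set variables but cannot run code.
    my %conf;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(?:#.*)?$/;    # blank line or comment
        $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/
            or die sprintf("%s line %d: not a name = value setting; stopped\n",
                           $path, $.);
        $conf{$1} = $2;
    }
    close($fh);
    return \%conf;
}

# Constructed sample config; the setting names and values are illustrative.
my ($tmp, $cf) = tempfile(UNLINK => 1);
print $tmp "# sample\nwhereami = lists.example.org\nhomedir = /tmp/mj\n";
print $tmp "print \"code ran\\n\";\n";    # a Perl statement, not a setting
close($tmp);

# The third line is refused by the parser rather than executed.
my $conf = eval { load_config($cf) };
print defined $conf ? "loaded\n" : "rejected: $@";
```
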
This archive was generated by hypermail 2b27 : Fri Dec 31 1999 - 02:44:53 CST