Bugtraq mailing list archives

BoS: Big SecurID Hole??
From: cmacneill () securid com (Chris Macneill)
Date: Mon, 30 Sep 1996 17:49:59 -0500

Our thanks to David L. Reoch dave () pbi net and Richard Perlman (no address) for
pointing out the potential security problem of $VAR_ACE set to 777.

This problem has been caused by an attempt to remove the requirement for root
ownership and "suid" set on the sdshell authentication program. Unfortunately
you cannot remove these requirements without opening up the $VAR_ACE directory
to read-write access for the world. This is due to the requirement that all
users be able to create and read the nodesecret file. Thus administrators have
the choice: either you set sdshell as root with suid set and $VAR_ACE with
something between 775 and 664 permissions (I personally favour 660, since only
owner and group need to read or write to $VAR_ACE, and I don't see any reason why
anyone needs to execute anything in this directory), or alternatively you leave
things as they are.

You need to choose between the root ownership and suid set status of sdshell
versus the open permissions on $VAR_ACE and nodesecret.

In ACE/Server v2.2.1 we will be returning to the original requirement of root
ownership and suid set for sdshell as the default and at least 775 restrictions
on $VAR_ACE.

If anyone has any responses to this posting, please send them to the ACE/Server
admin specific maillist at:

        sdadmin () jabberwocky bbnplanet com


Chris Macneill
Advanced Support Manager
Security Dynamics Technologies, Inc.
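As an added example (not part of the original post, and not code from Security Dynamics), a small POSIX sh audit that classifies a host against the trade-off described above: world-writable $VAR_ACE versus a root-owned, suid sdshell. VAR_ACE and SDSHELL are placeholder paths you substitute on your own host.

```shell
# Mode string for a path, e.g. "drwxrwxrwx". ls -ld is used because stat(1)
# options differ between GNU and BSD systems.
mode_of()  { ls -ld "$1" | cut -c1-10; }
owner_of() { ls -ld "$1" | awk '{ print $3 }'; }

# Returns 0 if "others" have write access to the path (the 777 case),
# 1 otherwise. The 9th character of the mode string is the world write bit.
world_writable() {
    case "$(mode_of "$1")" in
        ????????w?) return 0 ;;
        *)          return 1 ;;
    esac
}

# Returns 0 if the file is setuid and owned by root, 1 otherwise.
suid_root() {
    [ -u "$1" ] && [ "$(owner_of "$1")" = root ]
}

# Classify the configuration. Prints one of:
#   hole   - $VAR_ACE is world-writable, so any local user can alter nodesecret
#   ok     - $VAR_ACE is closed to the world and sdshell runs suid root
#   broken - $VAR_ACE is closed but sdshell is not suid root, so ordinary users
#            cannot create or read nodesecret and authentication will fail
audit_ace() {
    var_ace="$1"; sdshell="$2"
    if world_writable "$var_ace"; then
        echo hole
    elif suid_root "$sdshell"; then
        echo ok
    else
        echo broken
    fi
}

# Stand-alone use: VAR_ACE=/placeholder/ace SDSHELL=/placeholder/sdshell sh audit.sh
if [ -n "${VAR_ACE:-}" ] && [ -n "${SDSHELL:-}" ]; then
    printf 'VAR_ACE=%s (%s) sdshell=%s -> %s\n' \
        "$VAR_ACE" "$(mode_of "$VAR_ACE")" "$SDSHELL" "$(audit_ace "$VAR_ACE" "$SDSHELL")"
fi
```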
