mailing list archives
Re: SECURITY: Red Hat Linux 5.1 linuxconf bug
From: jimd () STARSHINE ORG (Jim Dennis)
Date: Mon, 1 Jun 1998 15:00:51 -0700
On Thu, 28 May 1998, Michael K. Johnson wrote:
In Red Hat Linux 5.1, linuxconf version 1.11r11-rh2 was inadvertantly
setuid root. This creates the potential for security holes that allow
attackers to gain root access to your machine. (Users of Red Hat
Linux 5.0 and earlier are NOT affected, as linuxconf was not included
with any previous version of Red Hat Linux.)
If you have installed Red Hat Linux 5.1, you can immediately remove
the danger by logging in as root and running the command:
chmod -s /bin/linuxconf
We also recommend that you update to the latest version of linuxconf,
linuxconf-1.11r11-rh3, which fixes this bug.
Thanks to BUGTRAQ for finding and reporting this.
the binary RPMs have always been shipped with suid linuxconf. Does this
announce mean that linuxconf has been found insecure, so that is MUST not
be used suid ? I haven't seen anything about linuxconf on BUGTRAQ, apart
from your posting.
I don't know if linuxconf has any security wholes (and I'm
not qualified to audit the sources).....
The fact is, linuxconf's most valuable feature, to me, is the possibility
to delegate user administration. If i drop SUID, i cannot do that anymore
- right ? And i cannot use remote admin, too.
.... however even it linuxconf has some insecurities, you
could strip the "world" bits, chgrp it to something appropriate
("wheel"?) and leave it SUID/root.
I think most SUID programs should default to being configured
this way --- so that only members of the appropriately trusted
group is allowed to attempt exploits using it.
You could also further protect it by hiding it behind 'sudo'.
So, if linuxconf is so insecure that one cannot dare having it suid, it
almost becomes useless.
I don't think so. It still contains quite a bit of "knowlege"
about the various configuration files --- helping the sysadmin
create new DNS zone maps, and the like with a much easier
interface than a text editor and a pile of man pages.
If it can help sysadmin's by preventing stupid syntactically
mistakes in the sorts of config files that we rarely edit
it still may be quite valuable, even to experienced sysadmins
--- and even to some degrees that relate to improving security.
(Let me tell you about the stray space in a wuftpd ftpaccess
file that had some kiddies creating stray "warez" directories
some time. Don't follow those commas with spaces!).
Could you (Michael, Jacques) please clarify about Linuxconf security ?
It is fundamental to know whether the security risks are only from local
users, or also from external attacks.
It would be nice to hear about specific, known security
concerns. It would be less comforting to hear that linuxconf
is "not known to contain any buffer overflow or race condition
bugs." What would inspire a bit more confidence is a couple
of independent reports from qualified auditors who specifically
looked for them.
Is there somebody doing security auditing on Linuxconf ?
I would really like to see Red Hat, Caldera, S.u.S.E. and
a few of the other commercial Linux distributors and vendors
pitch in to a comprehensive security audit of the whole
Linux source tree. Currently the OpenBSD camp is severely
whuppin' us in that area.
I would vote to have LI (Linux International) create a
special fund for it --- and solicit donations. If they do
--- I'll send money tomorrow.
Jim Dennis (800) 938-4078 consulting () starshine org
Proprietor, Starshine Technical Services: http://www.starshine.org