Home page logo

bugtraq logo Bugtraq mailing list archives

Re: majordomo local exploit
From: atatat () ATATDOT NET (Andrew Brown)
Date: Thu, 30 Dec 1999 18:16:26 -0500

This patch should take care of that problem:

--- majordomo.old       Sat Oct  2 02:30:30 1999
+++ majordomo   Thu Dec 30 04:34:25 1999
@@ -44,6 +44,25 @@
    die("$cf not readable; stopped");

+# Check if the cf file is owned by effective uid
+if ((stat($cf))[4] != $>) {
+    die("$cf not owned by effective uid; stopped");

hmm...race condition?

it would really be better (in this vein) to (a) open the config file,
(b) fstat it (once, not twice) and (c) then read and eval the code
rather using require (since you can't "require" a file handle).

of course...using a config file or perl is nice, since you *can*
simply require it, but a parsed config file that just sets variables
is better since it implicitly disallows attacks like this.

|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
andrew () crossbar com       * "information is power -- share the wealth."

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]