|
Bugtraq
mailing list archives
Re: Amanda multiple vendor local root compromises
From: tobkin () SOFTWARE UMN EDU (Chris Tobkin)
Date: Mon, 1 Nov 1999 15:20:22 -0600
[...]
DETAILS:
Amanda's "runtar" program, suid root by default on FreeBSD 3.3, calls
/usr/bin/tar and passes all args given to runtar to this program. Tar is
thus run with root permissions and is vulnerable to all of the same
attacks on suid programs that it would have if it were suid itself.
[...]
WHO IS VULNERABLE:
Anyone running a suid version of runtar should be suspicious. I've not
tested any other O.S.'s except FreeBSD 3.3, which includes amanda 2.3.0
and 2.4.1 as "additional packages" on the install CD and tar-1.11.2.
[snip]
I doubt that this is OS specific in the installation, but all the installs
of amanda i've seen (and have running here) have runtar suid root, but
perm'd to 7450 (other can't exec it). It may be part of the packages
bundled with FreeBSD.. All of our builds are local compilations from
source... (In fact, all the suid binaries installed by a `make install`
are perm'd o-rwx and have a gid of sys or other) -- All I have for
reference here are solaris and AIX machines.. can anyone else confirm?
// chris
tobkin () umn edu
*************************************************************************
Chris Tobkin tobkin () umn edu
Java and Web Services - Academic and Distributed Computing Services - UMN
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
"Nothing great was ever achieved without enthusiasm."
- Ralph Waldo Emerson, poet, writer, and philosopher
*************************************************************************
 By Date 
By Thread
Current thread:
|
Intro
