Home page logo

bugtraq logo Bugtraq mailing list archives

Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks
From: Alexander Schreiber <alexander.schreiber () INFORMATIK TU-CHEMNITZ DE>
Date: Sat, 11 Nov 2000 00:01:13 +0100


On Fri, 10 Nov 2000, Michal Zalewski wrote:

This problem is not related to any specific product or solution, but
affects pretty huge part of the ISP installations. The problem is a direct
effect of the default account creation policy launched by OpenBSD, RedHat,
and some other vendors, where every user has it's own, corresponding gid.

Debian 2.2 (potato) default install checks for this:


boromir:~# adduser kmem
adduser: The group `kmem' already exists.


You can create such a user with the useradd tool, but useradd defaults
to give this user gid 100 (users). You can of course explicitly specify
group kmem, but then
 - you are root,
 - you use useradd instead of the do-all-and-be-happy adduser
so you can be expected to know what you are doing.


 EMail : als () thangorodrim de              | WWW : http://www.thangorodrim.de/
 "I think there's a world market for about five computers."
         -- attr. Thomas J. Watson (Chairman of the Board, IBM), 1943

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]