[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: (WORKAROUND) More on UnixWare 2.x vulnerability
From: Hannu Laurila <Hannu.Laurila () japo ! fi>
Date: 1996-08-24 22:32:46
[Download RAW message or body]
On Sat, 24 Aug 1996, Todd Vierling wrote:
> I've found out a more about UnixWare 2. It seems the system (and I don't
> know if SCO's own native OSs do this, SCO UNIX/SCO XENIX/SCO OpenServer)
> allows chown'ing a file *to* any arbitrary user and group.
I couldn't check/test for the vulnerability but I think all users of
Unixware and other SVR4-unixes should check that their boxes are
configured with the BSD-style behaviour of chown/chgrp. It is simply
safer in general.
Unixware 2.0x, by default, uses the old AT&T behaviour but it can be
adjusted with a single kernel tunable.
For other security reasons, I asked on comp.unix.unixware.misc how to tune
the behaviour about 2 or 3 months a go and here is a quote from the
Unixware trouble-FAQ, it consists of my question and Andrew Josey's answer
(thanks Andrew!):
--- clip ---
Subject: T41) How can I revert to the BSD form of (restricted) chown?
By default, chown() system call comes with the old AT&T behavior and
allows a user to change the ownership of a file he owns to that of any
other user on the system.
How can I modify the behavior to the BSD-form (only root can change
the ownership of a file)?
The BSD way is the FIPS 151-2 and XPG4 way, and indeed there is a tuneable
called RSTCHOWN. For strict conformance (and when testing for
POSIX FIPS 151-2, XPG etc) this should be set to one.
/etc/conf/bin/idtune -g RSTCHOWN will return its value.
To set it do
# /etc/conf/bin/idtune RSTCHOWN 1
# /etc/conf/bin/idbuild
and then reboot.
---
Hannu Laurila - kube@japo.fi * Kauppakatu 10, FIN-62900 ALAJÄRVI
Alajärven Puhelinosuuskunta * Tel +358 66 557 2209 - Fax +358 66 557 2788
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic