[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    BoS: Big SecurID Hole??
From:       Chris Macneill <cmacneill () securid ! com>
Date:       1996-09-30 17:49:59
[Download RAW message or body]

Our thanks to David L. Reoch  dave@pbi.net and Richard Perlman (no address) for
pointing out the potential security problem of $VAR_ACE set to 777.

This problem has been caused by an attempt to remove the requirement for root
ownership and "suid" set on the sdshell authentication program. Unfortunately
you cannot remove these requirements without opening up the $VAR_ACE directory
to read-write access for the world. This is due to the requirement that all
users be able to create and read the nodesecret file. Thus administrators have
the choice, you either set sdshell as root with suid set and $VAR_ACE with
something between 775 and 664 permissions (I personally favour 660, since only
owner and group need to read or write to $VAR_ACE and I don't see any reason why
anyone needs to execute anything in this directory). Alternatively you leave
things as they are.

You need to choose between the root ownership and suid set status of sdshell
versus the open permissions on $VAR_ACE and nodesecret.

In ACE/Server v2.2.1 we will be returning to the original requirement of root
ownership and suid set for sdshell as the default and at least 775 restrictions
on $VAR_ACE.

If anyone has any responses to this posting, please send them to the ACE/Server
admin specific maillist at:-

        sdadmin@jabberwocky.bbnplanet.com


Regards


Chris Macneill
Advanced Support Manager
Security Dynamics Technologies, Inc.

[prev in list] [next in list] [prev in thread] [next in thread]