
List:       bugtraq
Subject:    Re: Cabletron Spectrum security vulnerability
From:       Dave Plonka <plonka () doit ! wisc ! edu>
Date:       1999-06-24 17:01:37

On Thu, Jun 24, 1999 at 12:24:00AM -0400, Miscioscia, George M wrote:
> Spectrum users,
>
> This statement is not entirely true...
>
> "The writable directories include those containing the Spectrum executables,
> at least one of which is, and apparently must be, run as "root" during
> normal operation of the product."
>
> Although certain directories are made writable, the SpectroSERVER executable
> need only run once as "root".

The one Spectrum executable to which I was referring (but didn't name)
when I said "apparently must be run as root" is "processd", not
"SpectroSERVER".

processd, which is an inetd-like process, must be run as root because
only a root-owned process can arbitrarily launch child processes that can
subsequently setuid(2) to become other users such as "spectrum".

I know of no one who normally runs SpectroSERVER as root, and do not claim
that it has anything to do with the aforementioned vulnerability.

As an aside:
My original posting to start this thread went to two mailing lists
simultaneously: "spectrum@po.cwru.edu" and "bugtraq.org".  Me thinks
that some of the replies in this thread may just be the result of folks
using a "group" reply feature (replying to all recipients) in their MUA
and were not (necessarily) meant for "bugtraq".

If nothing else, this can serve as a reminder to myself and others that
it may be better to compose separate messages, one to each list.  That
way the other lists' address(es) won't appear in the message headers.

Dave

--
plonka@doit.wisc.edu  http://net.doit.wisc.edu/~plonka  ARS:N9HZF  Madison, WI
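The launcher model described above (a root-owned, inetd-like daemon such as processd that forks children which then setuid(2) to an account like "spectrum"), combined with the writable-directory exposure this thread is about, as an added example in C. It is not Spectrum's code and not the poster's; the helper names, the privilege-drop sequence, the ownership/mode rules it enforces before exec, and the account name "spectrum" are assumptions for illustration.

```c
/* Added example, not Spectrum's or the poster's code. A root-owned,
 * inetd-like launcher forks a child, drops it to an unprivileged account
 * and execs a program, refusing programs that live in group/world-writable
 * directories. Helper names and the "spectrum" account are assumed. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Could someone else replace or modify this object? (writable by group/other, or owned by neither root nor us) */
static int untrusted(const struct stat *st)
{
    return (st->st_mode & (S_IWGRP | S_IWOTH)) ||
           (st->st_uid != 0 && st->st_uid != geteuid());
}

/* 1 if path is a regular file that passes untrusted() and so does its
 * parent directory (checked one level up); 0 otherwise. */
int exec_path_is_safe(const char *path)
{
    struct stat st;
    char dir[4096] = ".";
    const char *slash = strrchr(path, '/');

    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode) || untrusted(&st)) return 0;
    if (slash != NULL) {                      /* isolate the parent directory */
        size_t n = slash == path ? 1 : (size_t)(slash - path);
        if (n >= sizeof dir) return 0;
        memcpy(dir, path, n);
        dir[n] = '\0';
    }
    return stat(dir, &st) == 0 && S_ISDIR(st.st_mode) && !untrusted(&st);
}

/* Drop to uid/gid permanently: supplementary groups first (only root may
 * change them), then gid, then uid; then verify root cannot be regained. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* still root: refuse to go on */
    if (getuid() != uid || geteuid() != uid || getgid() != gid) return -1;
    return 0;
}

/* Per-request work of an inetd-like root daemon: fork, drop privileges in
 * the child, exec argv[0]. Returns the child's exit status, or -1 if refused. */
int launch_as(uid_t uid, gid_t gid, char *const argv[])
{
    pid_t pid;
    int status;

    if (!exec_path_is_safe(argv[0])) return -1;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0) _exit(126);
        execv(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Constructed demonstration: a private temporary directory holding a script
 * that exits 3, launched under the caller's own uid/gid; optionally the
 * directory is made world-writable first. Returns 3 when run, -1 when refused. */
int demo_launch(int make_dir_writable)
{
    static const char body[] = "#!/bin/sh\nexit 3\n";
    char dir[] = "launch-demo-XXXXXX", script[64];
    char *argv[] = { script, NULL };
    int fd, rc = -1;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(script, sizeof script, "%s/child.sh", dir);
    fd = open(script, O_WRONLY | O_CREAT | O_EXCL, 0755);
    if (fd >= 0 && write(fd, body, sizeof body - 1) == (ssize_t)(sizeof body - 1)) {
        close(fd);
        if (make_dir_writable) chmod(dir, 0777);
        rc = launch_as(getuid(), getgid(), argv);
    } else if (fd >= 0) close(fd);
    unlink(script);
    rmdir(dir);
    return rc;
}

int main(int argc, char *argv[])
{
    struct passwd *pw;
    if (argc < 2) {   /* no program given: run the two demonstrations */
        printf("private dir: %d, world-writable dir: %d\n", demo_launch(0), demo_launch(1));
        return 0;
    }
    if ((pw = getpwnam("spectrum")) == NULL) { fprintf(stderr, "no spectrum account\n"); return 1; }
    return launch_as(pw->pw_uid, pw->pw_gid, &argv[1]) < 0 ? 1 : 0;
}
```

Two points the thread turns on are visible here: the launcher itself must stay root only so that the child can change to another uid (setgid before setuid, groups first, and a check afterwards that setuid(0) now fails), and the program it execs is only as trustworthy as the directory it sits in, so the check deliberately rejects any group- or world-writable parent, sticky bit or not.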
