How secure is linux? (was: BIG RAGGEDY HOLE)
Newsgroups: alt.security,comp.os.linux.admin,comp.security.unix
Path: gmd.de!xlink.net!howland.reston.ans.net!europa.eng.gtefsd.com!uunet!boulder!cnsnews!ucsu.Colorado.EDU!cairnss
From: cair...@ucsu.Colorado.EDU (QEII)
Subject: Re: How secure is linux? (was: BIG RAGGEDY HOLE)
Message-ID: <cairnss.756437059@ucsu.Colorado.EDU>
Sender: use...@cnsnews.Colorado.EDU (Net News Administrator)
Nntp-Posting-Host: ucsu.colorado.edu
Organization: University of Colorado, Boulder
References: <BAM.93Dec9133511@wcl-rs.bham.ac.uk> <2enufo$cg3@explorer.clark.net> <1993Dec16.022748.10487@kf8nh.wariat.org> <1993Dec16.095741.2405@black.ox.ac.uk> <1993Dec17.012409.18262@kf8nh.wariat.org>
Date: Tue, 21 Dec 1993 01:24:19 GMT
Lines: 44
b...@kf8nh.wariat.org (Brandon S. Allbery) writes:
>In article <1993Dec16.095741.2...@black.ox.ac.uk>, mbeat...@black.ox.ac.uk (Malcolm Beattie) says:
>+---------------
>| In article <1993Dec16.022748.10...@kf8nh.wariat.org> b...@kf8nh.wariat.org (Brandon S. Allbery) writes:
>| >Linux's /proc has a different implementation (and substantially more
>| >functionality) than other /proc implementations (in particular, SVR4's).
>How is this different from:
># cat insecure.c
>#include <stdio.h>
>#include <unistd.h>	/* setuid(), getuid() */
>int
>main(int argc, char **argv)
>{
>    FILE *fp;
>    if (!(fp = fopen("/etc/passwd", "a")))
>    {
>        perror("/etc/passwd");
>        return 1;
>    }
>    setuid(getuid());
>    /* code here can now append anything it wants to /etc/passwd */
>    return 0;
>}
># gcc -o insecure insecure.c
># chmod 4755 insecure
>It doesn't take /proc to do this; traditional mechanisms work just fine...
There are plenty of security holes in UNIX. I won't
tell you any of them, you have to find them yourself.
My suggestion to the guy who asked: don't worry, you aren't safe.
Permissions in an OS prevent a bit of grief on a
multi-user system. They don't give you security, they save you
from a few of your own mistakes.
--
Proud owner of one of the first Hell Credit Cards.
"Spend all you want. You'll pay later."
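
The quoted insecure.c keeps its /etc/passwd stream open across setuid(getuid()); write permission is checked at open time, so the descriptor stays usable after the drop. As an added example (not part of the original post or either poster's code), here is a C check a setuid program could run right after dropping privileges. The function names and the 65536 scan bound are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Count descriptors >= first_fd that are open with write access.
 * Access is decided at open() time, so a descriptor opened while
 * privileged remains writable after setuid(getuid()). */
int writable_fds_from(int first_fd)
{
    long max = sysconf(_SC_OPEN_MAX);
    int count = 0;

    if (max < 0 || max > 65536)
        max = 65536;                    /* assumed scan bound */
    for (int fd = first_fd; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFL);
        if (flags == -1)
            continue;                   /* descriptor not open */
        int mode = flags & O_ACCMODE;
        if (mode == O_WRONLY || mode == O_RDWR)
            count++;
    }
    return count;
}

/* Drop to the real gid/uid, then refuse to continue if the ids still
 * differ or a write-capable descriptor above stderr survived the drop. */
int drop_privileges_checked(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    if (geteuid() != getuid() || getegid() != getgid())
        return -1;
    return writable_fds_from(3) == 0 ? 0 : -1;
}

int main(void)
{
    if (drop_privileges_checked() != 0) {
        fprintf(stderr, "refusing to continue: privileged state still held\n");
        return 1;
    }
    /* unprivileged work goes here */
    return 0;
}
```

A program that legitimately keeps a writable descriptor open (a log file, say) would pass a higher first_fd or exempt that descriptor explicitly.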