
Tiger flags *bin* owned system files, disabled accounts


Thomas Benjamin

Jul 11, 1995, 3:00:00 AM
I am trying to certify a HP9000/847 as a secure host using
Tiger. It complains about files that are owned by bin, if
they are in root's PATH.

The file ownerships in question resulted from a normal
HP-UX 9.04 install from CD-ROM.

The list below is an abbreviated directory listing of /bin,
sorted by owner and group. Following this list is an example
Tiger output warning concerning file ownership.

-r-xr-xr-x 1 bin bin 160 Nov 3 1994 alias
-r-xr-xr-x 1 bin bin 168 Nov 3 1994 umask
-r-xr-sr-x 1 bin sys 16384 Nov 3 1994 ipcs
-r-xr-sr-x 1 bin sys 24576 Nov 3 1994 ps
-r-sr-xr-x 1 root bin 18 Nov 3 1994 sysdiag
-r-sr-xr-x 1 root bin 16384 Nov 3 1994 newgrp

--WARN-- [path002w] /bin/alias in root's PATH from .profile is not
owned by root (owned by bin).

(Tiger doesn't mind the root.bin ownership.)

Is this a security problem? Also, Tiger complains about any
disabled user account that has a valid shell. The following
/etc/passwd entries are unchanged since installation. Is there
a problem with replacing /bin/sh with /bin/false in any of them?

daemon:*:1:5::/:/bin/sh
bin:*:2:2::/bin:/bin/sh
adm:*:4:4::/usr/adm:/bin/sh
lp:*:9:7::/usr/spool/lp:/bin/sh
hpdb:*:27:1:ALLBASE:/:/bin/sh

--
Thomas Benjamin
tho...@austin.lockheed.com

Stephen C. Losen

Jul 13, 1995, 3:00:00 AM
In article <3tu9tj$c...@pandora.austin.lockheed.com>,
Thomas Benjamin <tho...@pandora.austin.lockheed.com> wrote:
>I am trying to certify a HP9000/847 as a secure host using
>Tiger. It complains about files that are owned by bin, if
>they are in root's PATH.
>
>The file ownerships in question resulted from a normal
>HP-UX 9.04 install from CD-ROM.
>
>The list below is an abbreviated directory listing of /bin,
>sorted by owner and group. Following this list is an example
>Tiger output warning concerning file ownership.
>
>-r-xr-xr-x 1 bin bin 160 Nov 3 1994 alias
>-r-xr-xr-x 1 bin bin 168 Nov 3 1994 umask
>-r-xr-sr-x 1 bin sys 16384 Nov 3 1994 ipcs
>-r-xr-sr-x 1 bin sys 24576 Nov 3 1994 ps
>-r-sr-xr-x 1 root bin 18 Nov 3 1994 sysdiag
>-r-sr-xr-x 1 root bin 16384 Nov 3 1994 newgrp
>
>--WARN-- [path002w] /bin/alias in root's PATH from .profile is not
> owned by root (owned by bin).
>
>(Tiger doesn't mind the root.bin ownership.)
>
>Is this a security problem?

Probably not. In general it's not good for root to run anything that
isn't completely trusted. Tiger must assume that only files owned by
root are trustworthy. If root's PATH has files owned by an ordinary user
then that user could install a nasty program and wait for root to run it.
Even if the untrusted directory is last in root's path, the ordinary user
could install a bunch of commands that are common misspellings of frequently
used commands (such as "ks" instead of ls). Then the next time superuser
mistakenly types "ks", the trap is sprung.

Bin is a system account, however, so if bin is completely trustworthy
(and that's a big "if") then having commands owned by bin in root's PATH
isn't a problem.

--
Steve Losen s...@virginia.edu phone: 804-982-4711

University of Virginia ITC Unix Support
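
The ownership check discussed in this thread, as an added example that is not part of the original posts and is not Tiger's own code. The function names `audit_path` and `ls_field` and the WARN message format are made up for illustration; the trusted owner is a parameter so that a site which decides to trust bin can pass bin's uid instead of 0.

```shell
#!/bin/sh
# Added example (not Tiger's code): flag PATH entries root should not trust.
# Usage: audit_path PATHSTRING [TRUSTED_UID]   (TRUSTED_UID defaults to 0)
# Prints one WARN line per finding; returns 1 if there was any finding.

ls_field() {  # ls_field N FILE: Nth column of "ls -ldnL" (1 = mode, 3 = owner uid)
    ls -ldnL -- "$2" | awk -v n="$1" 'NR == 1 { print $n }'
}

audit_path() {
    path=$1
    trusted=${2:-0}
    rc=0
    old_ifs=$IFS
    IFS=:
    set -f                      # split on ":" without glob expansion
    set -- $path
    set +f
    IFS=$old_ifs
    for dir in "$@"; do
        case $dir in
            /*) ;;              # absolute entry: inspect it below
            *)  echo "WARN relative PATH entry '$dir'"; rc=1; continue ;;
        esac
        [ -d "$dir" ] || continue
        uid=$(ls_field 3 "$dir")
        if [ "$uid" != "$trusted" ]; then
            echo "WARN $dir is owned by uid $uid, not uid $trusted"; rc=1
        fi
        case $(ls_field 1 "$dir") in    # 9th mode character is "other write"
            ????????w*) echo "WARN $dir is world-writable"; rc=1 ;;
        esac
        for f in "$dir"/*; do           # -L above: judge symlinks by their target
            [ -f "$f" ] || continue
            uid=$(ls_field 3 "$f")
            if [ "$uid" != "$trusted" ]; then
                echo "WARN $f is owned by uid $uid, not uid $trusted"; rc=1
            fi
        done
    done
    return $rc
}

# Run against a PATH given on the command line, e.g.: sh audit.sh "$PATH"
if [ "$#" -gt 0 ]; then audit_path "$1"; fi
```

The directory checks matter as much as the file checks: whoever owns or can write to a directory in root's PATH can add new command names to it, which is the misspelled-command trap described above.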


Ken Green

Jul 14, 1995, 3:00:00 AM
Stephen C. Losen (s...@holmes.acc.Virginia.EDU) wrote:

> Bin is a system account, however, so if bin is completely trustworthy
> (and that's a big "if") then having commands owned by bin in root's PATH
> isn't a problem.

'Bin' stops being trustworthy when the filesystems can be NFS exported.


--
__________________email Ken....@kgcc.demon.co.uk _____________________
Ken Green Computer Consultancy
22 Matthews Chase, Binfield, Berkshire, RG42 4UR. U.K.
