[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: [cobalt-security] Local Root exploit
- Subject: Re: FW: [cobalt-security] Local Root exploit
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Mon, 23 Sep 2002 14:03:58 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Eugene,
> That admin console still works is apparently a side effect of admserv
> running with root uid.
Exactly.
> Under "regular" apache you will be unable to use
> PAM authentication because /etc/shadow will become unreadable. E.g. you
> won't be able to access /stats/ directories of individual virtual
> servers.
Depends on. Remember that OS restored RaQs usually have improper permissions
on /etc/shadow and /etc/passwd. So unless the admin there fixed the shadow
permissions manually the authentication will still work, despite
/usr/lib/authenticate no longer being SUID.
Example from an OS restored box with improper permissions:
ls -la /etc/passwd /etc/shadow
-rw-r--r-- 1 root root 9839 Sep 18 23:55 /etc/passwd
-rw-rw-r-- 1 root root 6487 Sep 18 23:55 /etc/shadow
Proper permissions:
ls -la /etc/passwd /etc/shadow
-rw------- 1 root root 9839 Sep 18 23:55 /etc/passwd
-rw------- 1 root root 6487 Sep 18 23:55 /etc/shadow
Add that to the list of 1001 bugs which Sun Cobalt will never fix. :o(
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer