On Fri, Oct 14, 2011 at 8:40 PM, Clint Byrum <[email protected]> wrote:
> I would support removal of this from a security standpoint. This is used
> to escalate privileges via sql injection + insecure temp file creation.
Me too, but...
> consider (please ignore syntax errors, it's been a while since I wrote SQL):
>
> create table commands (command LONGTEXT);
> insert into commands values('#!/bin/sh
> echo "rooted:x:0:0::/root:/bin/bash >> /etc/passwd
> rooted:$1$....:... >> /etc/shadow
> sed -i -e 's/PermitRootLogin +.*/PermitRootLogin yes/' /etc/ssh/sshd_config
> killall -HUP sshd');
> select into outfile '/tmp/predictable.temp.root.script.sh' command from
> commands;
AFAIK it can't overwrite files. And the daemon should not have
permission to write to /etc.
So, OK to remove?
Olaf
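
An added example, not part of the thread or of Drizzle's code: the defensive side of the "insecure temp file creation" half of the scenario quoted above, for a privileged job that keeps a script under /tmp. The function names and the `job.` prefix are hypothetical, and the planted file is constructed inside a scratch directory.

```python
import os
import stat
import tempfile

def create_exclusive(path, data, mode=0o700):
    """Create path only if nothing is there yet; never follow a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, mode)  # raises FileExistsError if pre-planted
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)

def create_unpredictable(data, directory=None):
    """Preferred: mkstemp picks a random name and creates it 0600 with O_EXCL."""
    fd, path = tempfile.mkstemp(prefix="job.", suffix=".sh", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def is_trusted(path, expected_uid=None):
    """Check a file before a privileged job executes it."""
    if expected_uid is None:
        expected_uid = os.geteuid()
    try:
        st = os.lstat(path)  # lstat: judge the entry itself, not a link target
    except FileNotFoundError:
        return False
    if not stat.S_ISREG(st.st_mode):
        return False
    if st.st_uid != expected_uid:  # e.g. written by the database daemon's user
        return False
    return not (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def demo():
    """Constructed scenario: a file already sits at the predictable name."""
    with tempfile.TemporaryDirectory() as d:
        planted = os.path.join(d, "predictable.temp.root.script.sh")
        with open(planted, "wb") as fh:
            fh.write(b"# written by someone else\n")
        os.chmod(planted, 0o666)  # world-writable, so is_trusted rejects it
        try:
            create_exclusive(planted, b"#!/bin/sh\n")
            refused = False
        except FileExistsError:
            refused = True
        safe = create_unpredictable(b"#!/bin/sh\n", directory=d)
        return refused, is_trusted(planted), is_trusted(safe)
```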