-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Olaf Marzocchi wrote on Sun, Nov 17, 2002 at 01:00:10PM +0100 : > Is it possible, for a user who already has an account in a linux box, to > become root by compiling and starting a program known to be vulnerable?
Your question is a valid one, but there are only a few scenarios where htis is bad. 1) If the program being compiled is suid root. Well, if the user is only a user, the program he's trying to exploit cannot be owned by root because _he_ is the one trying to compile/install it. This is not possible. 2) If the program being compiled interacts with kernel space somehow, even as a regular user, it's possible it _could_ be exploited, but htis requires a kernel level exploit. If you're keeping up with the updates, this won't be possible. 3) If the program he's compiling is interacting with some other program (think bind, postfix, etc) that is exploitable, then yes, it could. But at the moment, I don't know of any exploits. 4) The idiot could be compiling and running mass exploit scanning tools. If he does that, he deserves to be castrated anyway. What you should do is rewrite his code so that it checks what IP address he's coming from and then flood pings himself. Then make all of his home directory immutable so that he can't change it. And you put it in his .bashrc so that it runs it automatically. --- or something like that. Permissions based OS's are your friend. That doesn't mean you let anybody and everybody have accounts on your box. You must watch them closely. However, them compiling things can only do damage to their user constraints. The core OS will keep running and core apps will keep running unless he exploits something at those levels. Blue skies... Todd - -- | MandrakeSoft USA | Sometimes you get what you want. | | http://www.mandrakesoft.com | Sometimes you get experience. | | http://www.mandrakelinux.com | --unknown origin | Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-0.2mdk -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE93Vyjlp7v05cW2woRAnTzAJ9AdINmsSmCp7Zes0YOJYxVgdBp7QCgg/tU Nrkoo8w4zr/zxC9P88gTTv0= =gfSW -----END PGP SIGNATURE-----
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
