Re: Novell vs IP Security

Tue, 20 Apr 1999 17:46:37 -0700 

John Haines enscribed thusly:
> "Michael H. Warfield" wrote:
> 
> >         Snicker...  I don't think so...
> >
> >         I know of at least one "exploit" that let a user create a suid
> > root file for Unix on a Novel NFS server just by making it "read only".


> I'm sure everyone can drag a lot of skeletons out of the closet regarding
> NetWare 3.x security. Big deal ! If you're still running 3.x, well, let's just

        This was a 4.x exploit.  AFAIK, it affects all of their NFS servers.

> say these things are no suprise. Would you expect an 8 year old version of Unix
> to be secure ? NFS is only as secure as the access you allow it to the UNIX
> volume - if I let you have write access to the root of my server, then I deserve
> what I get. Whether I get that access through NFS, NetWare NFS, TFTP - hardly
> matters...

        I wasn't talking about 3.x for the NFS exploit.  This one is hot
as of about a year ago in Netware 4.x.  The trick was to create a script
on the NFS volume residing on the Novell server as a common user then make
it executable and SUID to you.  Then you go to a Netware workstation and
make it "Read-Only" from Netware.  Novell, in their infinite wisdom and
effort to make it really "read only", decided that the way to do that was
to make it owned by root.  Bang!  You as a dumb schmuck user just created
a SUID root script.  :-)  Have a nice day.

        They may have fixed it by now...  They've only had over a year
of being aware of it.

> > Considering the insular, closed, proprietary
> > environment they are coming from, I don't really think they have much of
> > a security clue.


> Hmmm... this would be opposed to a forward thinking, open, security concious
> company like, say, Microsoft ?

        Not a chance...  I don't do Windows.  :-)

        Mike
-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (770) 925-8248   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to