Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-10 Thread Hamish Moffatt
On Tue, Jan 09, 2001 at 07:19:53PM -0500, Matt Zimmerman wrote:
 I assume its purpose is to allow different resolver settings to be used with
 individual programs.  For instance, perhaps one program should use DNS, while
 another NIS, and still another only the local hosts file for name resolution.
 For some programs, setting 'nospoof' will improve security; for others, it will
 just cause some lookups to fail needlessly.

How does resolv.conf let you specify that? According to resolv.conf(5),
resolv.conf is used for DNS only (which is what I always thought).
You could accomplish the above if you could override /etc/nsswitch.conf
though.

There's probably some nasties in this option somewhere.

Hamish
-- 
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]




Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-10 Thread Matt Zimmerman
On Wed, Jan 10, 2001 at 09:55:29PM +1100, Hamish Moffatt wrote:

 On Tue, Jan 09, 2001 at 07:19:53PM -0500, Matt Zimmerman wrote:
  I assume its purpose is to allow different resolver settings to be used with
  individual programs.  For instance, perhaps one program should use DNS, while
  another NIS, and still another only the local hosts file for name resolution.
  For some programs, setting 'nospoof' will improve security; for others, it will
  just cause some lookups to fail needlessly.
 
 How does resolv.conf let you specify that? According to resolv.conf(5),
 resolv.conf is used for DNS only (which is what I always thought).
 You could accomplish the above if you could override /etc/nsswitch.conf
 though.

The environment variable in question lets you specify the location of
host.conf, not resolv.conf.

-- 
 - mdz




Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-09 Thread Christoph Baumann
On Tue, Jan 09, 2001 at 11:08:56AM +, Julian Gilbey wrote:
 Most weird.  I get this behaviour when running through a setuid root
 strace, but I don't get the error messages (and hence the content of
 /etc/shadow) when I don't use strace.  I'm still running potato.

I have some more oddities to add.
When I set RESOLV_HOST_CONF=/etc/shadow and run fping debian.org I don't
get /etc/shadow displayed. Even running it with a +s strace doesn't work.
But when I use sudo fping ... I get /etc/shadow displayed (which
shouldn't be such a big hole in that case). I too tried it with potato.

Christoph 


-- 
* Christoph Baumann  *
* [EMAIL PROTECTED]  *
* www.rzuser.uni-heidelberg.de/~cbauman1/welcome.html*
* External Error : INTELLIGENCE not found !*




Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-09 Thread Ben Collins
On Tue, Jan 09, 2001 at 01:41:41PM +0100, Christoph Baumann wrote:
 On Tue, Jan 09, 2001 at 11:08:56AM +, Julian Gilbey wrote:
  Most weird.  I get this behaviour when running through a setuid root
  strace, but I don't get the error messages (and hence the content of
  /etc/shadow) when I don't use strace.  I'm still running potato.
 
 I have some more oddities to add.
 When I set RESOLV_HOST_CONF=/etc/shadow and run fping debian.org I don't
 get /etc/shadow displayed. Even running it with a +s strace doesn't work.
 But when I use sudo fping ... I get /etc/shadow displayed (which
 shouldn't be such a big hole in that case). I too tried it with potato.

Potato is not vulnerable. This is a woody/sid only bug (i.e. glibc
2.1.9x and greater, such as the 2.2 in woody/sid). The bug is not that
it prints this info, but that it uses the env variable even when
suid/sgid. This wasn't supposed to happen, and the actual fix was a
missing comma in the list of secure env vars that were supposed to be
cleared when a program starts up suid/sgid (including RESOLV_HOST_CONF).

Ben

-- 
 ---===-=-==-=---==-=--
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`  [EMAIL PROTECTED]  --  [EMAIL PROTECTED]  --  [EMAIL PROTECTED]  '
 `---=--===-=-=-=-===-==---=--=---'
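The defect Ben describes above, a missing comma in the list of environment variables that must be dropped when a program starts set-uid/set-gid, is worth seeing concretely. The following is an added illustration, not code from this thread or from glibc: in C, two adjacent string literals with no comma between them are silently concatenated into one literal, so the fused entry never matches either variable name and neither gets cleared. The table names, the hypothetical `secure_mode` flag (standing in for glibc's `__libc_enable_secure`) and the `host_conf_path` helper are constructed for the example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed table reproducing the bug class: the missing comma after
 * "RESOLV_HOST_CONF" makes the compiler fuse it with the next literal into
 * the single string "RESOLV_HOST_CONFHOSTALIASES". Not glibc's real table. */
const char *const unsecure_vars_buggy[] = {
    "LD_PRELOAD",
    "LD_LIBRARY_PATH",
    "RESOLV_HOST_CONF"   /* <- missing comma */
    "HOSTALIASES",
    NULL,
};

/* The same table with the comma in place: four distinct entries. */
const char *const unsecure_vars_fixed[] = {
    "LD_PRELOAD",
    "LD_LIBRARY_PATH",
    "RESOLV_HOST_CONF",
    "HOSTALIASES",
    NULL,
};

/* Number of entries before the NULL terminator. The buggy table has one
 * fewer than the author intended, which is a cheap check to add to a test. */
size_t table_len(const char *const *table) {
    size_t n = 0;
    while (table[n] != NULL)
        n++;
    return n;
}

/* 1 if name is listed (i.e. would be cleared in secure mode), else 0. */
int is_unsecure_var(const char *const *table, const char *name) {
    for (size_t i = 0; table[i] != NULL; i++)
        if (strcmp(table[i], name) == 0)
            return 1;
    return 0;
}

/* Remove every listed variable from the process environment, as a secure-mode
 * startup would. Returns how many were actually present and removed. */
int sanitize_env(const char *const *table) {
    int removed = 0;
    for (size_t i = 0; table[i] != NULL; i++) {
        if (getenv(table[i]) != NULL) {
            unsetenv(table[i]);
            removed++;
        }
    }
    return removed;
}

/* How a resolver library should pick its host.conf path: the override is
 * honoured only when the program is not running set-uid/set-gid.
 * secure_mode stands in for glibc's __libc_enable_secure (hypothetical wrapper). */
const char *host_conf_path(int secure_mode, const char *env_value) {
    if (secure_mode || env_value == NULL || *env_value == '\0')
        return "/etc/host.conf";
    return env_value;
}

int main(void) {
    printf("buggy table has %zu entries, fixed table has %zu\n",
           table_len(unsecure_vars_buggy), table_len(unsecure_vars_fixed));
    printf("RESOLV_HOST_CONF cleared by buggy table? %d, by fixed table? %d\n",
           is_unsecure_var(unsecure_vars_buggy, "RESOLV_HOST_CONF"),
           is_unsecure_var(unsecure_vars_fixed, "RESOLV_HOST_CONF"));
    printf("fused entry present in buggy table? %d\n",
           is_unsecure_var(unsecure_vars_buggy, "RESOLV_HOST_CONFHOSTALIASES"));
    return 0;
}
```

The point for anyone maintaining such a list: a unit test that asserts the table's length, or that each expected name is found, catches a dropped comma at build time, whereas the compiler accepts the fused literal without a warning.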




Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-09 Thread Hamish Moffatt
On Tue, Jan 09, 2001 at 09:29:46AM -0500, Ben Collins wrote:
 Potato is not vulnerable. This is a woody/sid only bug (i.e. glibc
 2.1.9x and greater, such as the 2.2 in woody/sid). The bug is not that
 it prints this info, but that it uses the env variable even when
 suid/sgid. This wasn't supposed to happen, and the actual fix was a
 missing comma in the list of secure env vars that were supposed to be
 cleared when a program starts up suid/sgid (including RESOLV_HOST_CONF).

What is the purpose of $RESOLV_HOST_CONF anyway, i.e. what problem
is it intended to solve?


Hamish
-- 
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]




Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability

2001-01-09 Thread Matt Zimmerman
On Wed, Jan 10, 2001 at 08:34:13AM +1100, Hamish Moffatt wrote:

 On Tue, Jan 09, 2001 at 09:29:46AM -0500, Ben Collins wrote:
  Potato is not vulnerable. This is a woody/sid only bug (i.e. glibc
  2.1.9x and greater, such as the 2.2 in woody/sid). The bug is not that
  it prints this info, but that it uses the env variable even when
  suid/sgid. This wasn't supposed to happen, and the actual fix was a
  missing comma in the list of secure env vars that were supposed to be
  cleared when a program starts up suid/sgid (including RESOLV_HOST_CONF).
 
 What is the purpose of $RESOLV_HOST_CONF anyway, i.e. what problem
 is it intended to solve?

I assume its purpose is to allow different resolver settings to be used with
individual programs.  For instance, perhaps one program should use DNS, while
another NIS, and still another only the local hosts file for name resolution.
For some programs, setting 'nospoof' will improve security; for others, it will
just cause some lookups to fail needlessly.

-- 
 - mdz