Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Fri Jul 25, 2003 at 03:02:12PM -0600, Charlie wrote:
> > Please back out to 18mdk or 13mdk until we get this fixed. I have to pull
> > those kernels off the mirror sites now.
> >
> > Thanks for alerting us to this. This sort of thing demonstrates the need
> > for a formal bug tracker for post-release releases.
>
> Thank you Vincent, secteam members, Juan and the kernel developers.
You're very welcome.
> The information above and the notification(s) you sent regarding kernels and
> XFS being "safe" helped with the install I had to help with yesterday. It
> would have been a nightmare to have to call the gentleman to explain any of
> this after finally convincing him to give Mandrake a chance.
Yeah.. I can imagine that wouldn't be too much fun.
> If you're wondering he's thoroughly impressed and he's already advocating the
> distribution to his total "neophyte business neighbour."
Good stuff!
> Damn! You MandrakeSoft people are good. :-)
Well, certainly do make our best effort. =)
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp0.pgp
Description: PGP signature
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Thu Jul 24, 2003 at 07:20:31PM -0700, David Guntner wrote:
> > While vincent wakeup, I am uploading new kernel packages to:
> >
> > http://people.mandrakesoft.com/~quintela/updates/9.1/
>
> Thanks for providing those so quickly, Juan. I'll be installing them
> shortly. :-)
They're making their way to a mirror near you as well. =)
Announcement will go out tomorrow am (my time) once there has been
sufficient mirroring time.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp0.pgp
Description: PGP signature
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Thursday 24 July 2003 08:25 am, Juan Quintela wrote: > > While vincent wakeup, I am uploading new kernel packages to: > > http://people.mandrakesoft.com/~quintela/updates/9.1/ Thanks for providing those so quickly, Juan. I'll be installing them shortly. :-) --Dave Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Thursday 24 July 2003 08:25 am, Juan Quintela wrote: > While vincent wakeup, I am uploading new kernel packages to: > > http://people.mandrakesoft.com/~quintela/updates/9.1/ Installed kernel-2.4.21.0.25mdk-1-1mdk.i586.rpm, kernel-doc-2.4.21-0.25mdk.i586.rpm, and kernel-source-2.4.21-0.25mdk.i586.rpm, all rebuilt from your SRPM. Works like a dream. Many, many thanks, Arn Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
> "vincent" == Vincent Danen <[EMAIL PROTECTED]> writes: vincent> On Wed Jul 23, 2003 at 08:04:26PM -0400, Greg Meyer wrote: >> > Ok. Did a little playing here, using /var/lock/subsys/* as my >> > determination point. >> > >> > kernel: everything world writeable >> > kernel-secure: normal perms (most everything world readable except syslog >> > IIRC) >> > kernel-enterprise: normal perms >> > >> For additional edification, I did not install the stock update kernel, but >> instead applied the netraverse win4lin patches and rebuilt using my config >> file from the -22mdk club kernel (make oldconfig). I am getting the same >> symptoms here too. >> >> [EMAIL PROTECTED] /var/lock/subsys] >> # ls -l >> total 4 >> -rw-rw-rw-1 root root0 Jul 23 19:32 alsa vincent> [...] >> Anything else you want to know from me? config file, etc. vincent> Nope... I think I've nailed the culprits... the problem is figuring out why. vincent> Unfortunately, since I'm not a kernel hacker, we have to wait on Juan for vincent> this and he's asleep right now. While vincent wakeup, I am uploading new kernel packages to: http://people.mandarkesoft.com/~quintela/updates/9.1/ 25mdk should be there in something like 1h (145MB to upload from my cable line). This is not the _official_ update, and is not signed, blah, blah, vincent will do it once he wake up. Sorry for the inconveniences, Juan. -- In theory, practice and theory are the same, but in practice they are different -- Larry McVoy Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
> "david" == David Guntner <[EMAIL PROTECTED]> writes: Hi I read that you already checked the umas. david> uname -a won't be of any help now, because I've reverted back to the prior david> kernel (2.4.21-0.18mdk). Not smp, secure or anthing else. Just kernel- david> 2.4.21-0.18mdk. Same for the new version, which is 2.4.21-0.24mdk, which david> was installed from kernel-2.4.21.0.24mdk-1-1mdk.i586.rpm. >> That is really really wierd. >> >> Just ran msec here and it just shows me that my initrd is world-writable so >> I don't think your problem is due to the kernel. I wonder what is happening here, I am pretty sure that my initrd is not world writable at all. david> The initrd file never *used* to be world-writable Not until this david> release of the kernel, anyway. Personally, I would consider that a bad david> sign. >> cc'ing this to Juan just so he can check as well. david> Me, too, so that he can see the followup. /me covers head with brown paper bag for a week while releasing -25mdk with this thing fixed. Later, Juan. -- In theory, practice and theory are the same, but in practice they are different -- Larry McVoy Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wed Jul 23, 2003 at 04:46:09PM -0700, Bryan Whitehead wrote:
> >Ok. Did a little playing here, using /var/lock/subsys/* as my
> >determination
> >point.
> >
> >kernel: everything world writeable
> >kernel-secure: normal perms (most everything world readable except syslog
> >IIRC)
> >kernel-enterprise: normal perms
>
> Enterprise is broken also. Please see my previous post.
I did. And after looking and it and testing here (and getting secteam to do
some quick testing) we came to the conclusion that kernel-secure and any fs
*or* any kernel and XFS are ok... for the rest, bad news.
> Also, it doesn't seem to be only reiserfs related. NFS has the problem
> also when no reiserfs is on the system.
>
> XFS filesystems do not seem to have this problem.
Yes.
> As I said before, I can rekickstart some test machines with any combo of
> filesystems to test. I'm willing to test new kernels.
At this point, we're waiting. I had no hand in the kernel updates beyond
testing and coordination. The kernel folks did all the work on it and I
can't tell from the changelog where the problem may have been introduced,
nor can I determine from the many and varied patches where it may have
creeped in. We're waiting for Juan to wake up and take a gander at it.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp0.pgp
Description: PGP signature
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wed Jul 23, 2003 at 08:04:26PM -0400, Greg Meyer wrote:
> > Ok. Did a little playing here, using /var/lock/subsys/* as my
> > determination point.
> >
> > kernel: everything world writeable
> > kernel-secure: normal perms (most everything world readable except syslog
> > IIRC)
> > kernel-enterprise: normal perms
> >
> For additional edification, I did not install the stock update kernel, but
> instead applied the netraverse win4lin patches and rebuilt using my config
> file from the -22mdk club kernel (make oldconfig). I am getting the same
> symptoms here too.
>
> [EMAIL PROTECTED] /var/lock/subsys]
> # ls -l
> total 4
> -rw-rw-rw-1 root root0 Jul 23 19:32 alsa
[...]
> Anything else you want to know from me? config file, etc.
Nope... I think I've nailed the culprits... the problem is figuring out why.
Unfortunately, since I'm not a kernel hacker, we have to wait on Juan for
this and he's asleep right now.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp0.pgp
Description: PGP signature
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wednesday 23 July 2003 08:30 pm, Charlie wrote: > -rw-r--r--1 root root0 Jul 23 16:26 tmdns > -rw-r--r--1 root root0 Jul 23 16:26 xfs > -rw-r--r--1 root root0 Jul 23 16:26 xinetd > > After a reboot to the .22mdk kernel this is what I get. File systems are: Same here, and I built the -22 kernel myself too. [EMAIL PROTECTED] ~] $ uname -r 2.4.21-0.22w4l > boot ext2 > everything else is Reiser. I use ext2 for /boot and ext3 for everything else. -- /g "Outside of a dog, a man's best friend is a book, inside a dog it's too dark to read" -Groucho Marx Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wednesday 23 July 2003 06:16 pm, Vincent Danen wrote: > > Ok. Did a little playing here, using /var/lock/subsys/* as my > determination point. > > kernel: everything world writeable > kernel-secure: normal perms (most everything world readable except syslog > IIRC) > kernel-enterprise: normal perms > For additional edification, I did not install the stock update kernel, but instead applied the netraverse win4lin patches and rebuilt using my config file from the -22mdk club kernel (make oldconfig). I am getting the same symptoms here too. [EMAIL PROTECTED] /var/lock/subsys] # ls -l total 4 -rw-rw-rw-1 root root0 Jul 23 19:32 alsa -rw-rw-rw-1 root root0 Jul 23 19:33 atd -rw-rw-rw-1 root root0 Jul 23 19:33 crond -rw-rw-rw-1 root root0 Jul 23 19:33 cups -rw-rw-rw-1 root root0 Jul 23 19:33 devfsd -rw-rw-rw-1 root root4 Jul 23 19:33 dm -rw-rw-rw-1 root root0 Jul 23 19:32 gpm -rw-rw-rw-1 root root0 Jul 23 19:32 harddrake -rw-rw-rw-1 root root0 Jul 23 19:32 internet -rw-rw-rw-1 root root0 Jul 23 19:33 keytable -rw-rw-rw-1 root root0 Jul 23 19:33 kheader -rw-rw-rw-1 root root0 Jul 23 19:33 linuxconf -rw-rw-rw-1 root root0 Jul 23 19:33 lisa -rw-rw-rw-1 root root0 Jul 23 19:33 local -rw-rw-rw-1 root root0 Jul 23 19:33 netfs -rw-rw-rw-1 root root0 Jul 23 19:32 network -rw-rw-rw-1 root root0 Jul 23 19:32 nfslock -rw-rw-rw-1 root root0 Jul 23 19:33 numlock -rw-rw-rw-1 root root0 Jul 23 19:32 partmon -rw-rw-rw-1 root root0 Jul 23 19:32 portmap -rw-rw-rw-1 root root0 Jul 23 19:33 postfix -rw-rw-rw-1 root root0 Jul 23 19:32 random -rw-rw-rw-1 root root0 Jul 23 19:33 saslauthd -rw-rw-rw-1 root root0 Jul 23 19:32 slpd -rw-rw-rw-1 root root0 Jul 23 19:33 smartd -rw-rw-rw-1 root root0 Jul 23 19:32 sound -rw-rw-rw-1 root root0 Jul 23 19:33 sshd -rw-rw-rw-1 root root0 Jul 23 19:32 syslog -rw-rw-rw-1 root root0 Jul 23 19:33 webmin -rw-rw-rw-1 root root0 Jul 23 19:32 xfs -rw-rw-rw-1 root root0 Jul 23 19:33 xinetd Anything else you want to know from me? config file, etc. -- /g "Outside of a dog, a man's best friend is a book, inside a dog it's too dark to read" -Groucho Marx Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wed Jul 23, 2003 at 05:20:12PM -0600, Vincent Danen wrote:
> On Wed Jul 23, 2003 at 02:34:09PM -0700, Bryan Whitehead wrote:
>
> > >I hope someone from Mandrake is still reading this list. I got the
> > >advisary for the new kernel in my mail, and installed the new kernel.
> > >Since, then, any number of processes which used to write files that were
> > >writable only by themselves (leafnode as user news, mailman as user mail
> > >and so on) are now writing their files in a world readable setting. My
> > >security logs this morning started reporting files in /var/spool/news,
> > >/var/lock/subsys, /var/run, /var/lib/mailman/lists and so on as being
> > >writable. Checking those directories, I find sure enough that everything
> > >is -rw-rw-rw- -- clearly, this is not acceptable! Can someone please
> > >look into this and fix it and issue a new kernel? This needs to not
> > >continue to happen. When I su to the user IDs in question and do a umask
> > >command, I see 0022 like it should be - so I can't see any reason why this
> > >should be happening.
> >
> > I have the same problem:
> [...]
>
> Thanks, Bryan. This helps.
Ok.
kernel-secure seems safe
XFS filesystems are safe
Any kernel (non-secure) using a fs (non-XFS) will write mode 0666 files...
this includes reiserfs, ext2, ext3, and NFS mounts.
I guess most everyone on secteam uses XFS since that was the fs we were
particularly concerned with due to the ACLs and gdb problems. Dammit.
Please back out to 18mdk or 13mdk until we get this fixed. I have to pull
those kernels off the mirror sites now.
Thanks for alerting us to this. This sort of thing demonstrates the need
for a formal bug tracker for post-release releases.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp0.pgp
Description: PGP signature
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wed Jul 23, 2003 at 02:34:09PM -0700, Bryan Whitehead wrote:
> >I hope someone from Mandrake is still reading this list. I got the
> >advisary for the new kernel in my mail, and installed the new kernel.
> >Since, then, any number of processes which used to write files that were
> >writable only by themselves (leafnode as user news, mailman as user mail
> >and so on) are now writing their files in a world readable setting. My
> >security logs this morning started reporting files in /var/spool/news,
> >/var/lock/subsys, /var/run, /var/lib/mailman/lists and so on as being
> >writable. Checking those directories, I find sure enough that everything
> >is -rw-rw-rw- -- clearly, this is not acceptable! Can someone please
> >look into this and fix it and issue a new kernel? This needs to not
> >continue to happen. When I su to the user IDs in question and do a umask
> >command, I see 0022 like it should be - so I can't see any reason why this
> >should be happening.
>
> I have the same problem:
[...]
Thanks, Bryan. This helps.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp0.pgp
Description: PGP signature
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wed Jul 23, 2003 at 03:29:29PM -0600, Charlie wrote:
> Would a copy of /var/log/security/writable.diff help? There's a *lot* of files
> that weren't writable that are now. 8.5 kB to be exact. I do believe I'm
> going to boot back to .22mdk. Or .18mdk. At least until somebody figures this
> out.
>
> Let me know what, and where, to send diffs etc., I think investigating this is
> probably more important at the moment than installing 9.2beta1; which is what
> I had planned for this afternoon.
Feel free to send a copy to me directly.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp0.pgp
Description: PGP signature
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wed Jul 23, 2003 at 01:26:27PM -0700, David Guntner wrote:
> Glad to see you're still on the list, Vincent. :-)
Someone has to make sure you guys behave.. =)
> > > I hope someone from Mandrake is still reading this list. I got the
> > > advisary for the new kernel in my mail, and installed the new kernel.
> > > Since, then, any number of processes which used to write files that were
> > > writable only by themselves (leafnode as user news, mailman as user mail
> > > and so on) are now writing their files in a world readable setting. My
> > > security logs this morning started reporting files in /var/spool/news,
> > > /var/lock/subsys, /var/run, /var/lib/mailman/lists and so on as being
> > > writable. Checking those directories, I find sure enough that everything
> > > is -rw-rw-rw- -- clearly, this is not acceptable! Can someone please
> > > look into this and fix it and issue a new kernel? This needs to not
> > > continue to happen. When I su to the user IDs in question and do a umask
> > > command, I see 0022 like it should be - so I can't see any reason why this
> > > should be happening.
> >
> > We've not seen this at all during testing. Which kernel did you install?
> > secure, up, smp, etc... uname -a would be good.
>
> uname -a won't be of any help now, because I've reverted back to the prior
> kernel (2.4.21-0.18mdk). Not smp, secure or anthing else. Just kernel-
> 2.4.21-0.18mdk. Same for the new version, which is 2.4.21-0.24mdk, which
> was installed from kernel-2.4.21.0.24mdk-1-1mdk.i586.rpm.
Ok. So normal kernel.
> > That is really really wierd.
> >
> > Just ran msec here and it just shows me that my initrd is world-writable so
> > I don't think your problem is due to the kernel.
>
> The initrd file never *used* to be world-writable Not until this
> release of the kernel, anyway. Personally, I would consider that a bad
> sign.
Agreed. I'm really not sure why the initrd's are written world writeable.
> > cc'ing this to Juan just so he can check as well.
>
> Me, too, so that he can see the followup.
Ok. Did a little playing here, using /var/lock/subsys/* as my determination
point.
kernel: everything world writeable
kernel-secure: normal perms (most everything world readable except syslog
IIRC)
kernel-enterprise: normal perms
This leads me to believe there is something wrong with the regular kernel.
I also have reiserfs for my / partition, so possibly it has something to do
with reiserfs, I'm not sure. Checked my vmware test install and it has
reiserfs as well, so that isn't conclusive.
Ok, just checked my 9.1/PPC machine with ext2 as the / and it has the same
issue.
There is definitely something wrong with the up (normal) kernel.
I'm going to fire off an email on the announce mailing list indicating to
people to either back out of 24mdk or use the enterprise/secure kernels (if
someone is using a smp kernel, can you please tell me if you get the same
behaviour?).
Juan will have to look at this first thing tomorrow so we can hopefully get
a fixed up kernel out ASAP.
On a side note, I don't see your msec issue here at all, even with the up
kernel so I'm really not sure if that is a kernel problem or not.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp0.pgp
Description: PGP signature
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wednesday 23 July 2003 03:28 pm, David Guntner wrote: > > Also, what are the filesystems in question? Unfortunately my > > mirrors in GMT-8 still haven't caught up so I can't do any > > verification yet. > > Assuming I understand your question correctly, I'm using ReiserFS for > all filesystems except /boot, which is ext2. Precisely the same set up: reiserfs for /, /home; ext2 for /boot. Arn Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wednesday 23 July 2003 02:26 pm, Vincent Danen wrote: > On Wed Jul 23, 2003 at 11:56:14AM -0700, David Guntner wrote: > > I hope someone from Mandrake is still reading this list. I got the > > advisary for the new kernel in my mail, and installed the new > > kernel. Since, then, any number of processes which used to write > > files that were writable only by themselves (leafnode as user news, > > mailman as user mail and so on) are now writing their files in a > > world readable setting. My security logs this morning started > > reporting files in /var/spool/news, /var/lock/subsys, /var/run, > > /var/lib/mailman/lists and so on as being writable. Checking those > > directories, I find sure enough that everything is -rw-rw-rw- -- > > clearly, this is not acceptable! Can someone please look into this > > and fix it and issue a new kernel? This needs to not continue to > > happen. When I su to the user IDs in question and do a umask > > command, I see 0022 like it should be - so I can't see any reason > > why this should be happening. > > We've not seen this at all during testing. Which kernel did you > install? secure, up, smp, etc... uname -a would be good. > > That is really really wierd. > > Just ran msec here and it just shows me that my initrd is > world-writable so I don't think your problem is due to the kernel. > > cc'ing this to Juan just so he can check as well. I'm seeing the same thing. Below is a copy of my post on aolm. Situation: I upgraded to the latest kernel for LM 9.1, downloaded from ftp://ftp.club-internet.fr/pub/unix/linux/Mandrake/updates/9.1/RPMS. After checking gpg and md5 (rpm -K), I installed kernel-2.4.21.0.24mdk-1-1mdk.i586.rpm (rpm -iv), kernel-source-2.4.21-0.24mdk.i586.rpm (rpm -iv --oldpackage) and freshened kernel-doc-2.4.21-0.24mdk.i586.rpm (rpm -Fv). I then rebooted and made the NVIDIA drivers for the new kernel. Everything seemed to work as expected. My system is LM 9.1 with all updates plus a few packages rebuilt from cooker SRPMs (mainly autoconf, automake, XFree86, and KDE). The updated kernel is the only change I made in the last 24 hours. Problem: All new files are now created with 0666 (rw-rw-rw-) permissions. Umask for user and root are correctly set (0077 and 0022 respectively) but are ignored. Directories are created with the correct permissions. When I reboot with the old kernel (2.4.21-0.18mdk) everything works as it should. Could someone who's upgraded to the latest kernel please check for this behavior. World-writable root-owned files is a serious security hole. I've had one confirmation so far. I'm also seeing the problem Dave reported with msec. I'm currently running /etc/cron.daily/msec under kernel-2.4.21-0.18mdk to see whether it is indeed the kernel. I'll post the results under that thread when it completes. Arn Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
Jack Coates grabbed a keyboard and wrote: > > On Wed, 2003-07-23 at 12:26, Vincent Danen wrote: > > On Wed Jul 23, 2003 at 11:56:14AM -0700, David Guntner wrote: > > > > > I hope someone from Mandrake is still reading this list. I got the > > > advisary for the new kernel in my mail, and installed the new kernel. > > > Since, then, any number of processes which used to write files that were > > > writable only by themselves (leafnode as user news, mailman as user mail > > > and so on) are now writing their files in a world readable setting. My > > > security logs this morning started reporting files in /var/spool/news, > > > /var/lock/subsys, /var/run, /var/lib/mailman/lists and so on as being > > > writable. Checking those directories, I find sure enough that everything > > > is -rw-rw-rw- -- clearly, this is not acceptable! Can someone please > > > look into this and fix it and issue a new kernel? This needs to not > > > continue to happen. When I su to the user IDs in question and do a umask > > > command, I see 0022 like it should be - so I can't see any reason why this > > > should be happening. > > > > We've not seen this at all during testing. Which kernel did you install? > > secure, up, smp, etc... uname -a would be good. > > Also, what are the filesystems in question? Unfortunately my mirrors in > GMT-8 still haven't caught up so I can't do any verification yet. Assuming I understand your question correctly, I'm using ReiserFS for all filesystems except /boot, which is ext2. If that wasn't your question, please clarify. :-) --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
Vincent Danen grabbed a keyboard and wrote: Glad to see you're still on the list, Vincent. :-) > On Wed Jul 23, 2003 at 11:56:14AM -0700, David Guntner wrote: > > > I hope someone from Mandrake is still reading this list. I got the > > advisary for the new kernel in my mail, and installed the new kernel. > > Since, then, any number of processes which used to write files that were > > writable only by themselves (leafnode as user news, mailman as user mail > > and so on) are now writing their files in a world readable setting. My > > security logs this morning started reporting files in /var/spool/news, > > /var/lock/subsys, /var/run, /var/lib/mailman/lists and so on as being > > writable. Checking those directories, I find sure enough that everything > > is -rw-rw-rw- -- clearly, this is not acceptable! Can someone please > > look into this and fix it and issue a new kernel? This needs to not > > continue to happen. When I su to the user IDs in question and do a umask > > command, I see 0022 like it should be - so I can't see any reason why this > > should be happening. > > We've not seen this at all during testing. Which kernel did you install? > secure, up, smp, etc... uname -a would be good. uname -a won't be of any help now, because I've reverted back to the prior kernel (2.4.21-0.18mdk). Not smp, secure or anthing else. Just kernel- 2.4.21-0.18mdk. Same for the new version, which is 2.4.21-0.24mdk, which was installed from kernel-2.4.21.0.24mdk-1-1mdk.i586.rpm. > That is really really wierd. > > Just ran msec here and it just shows me that my initrd is world-writable so > I don't think your problem is due to the kernel. The initrd file never *used* to be world-writable Not until this release of the kernel, anyway. Personally, I would consider that a bad sign. > cc'ing this to Juan just so he can check as well. Me, too, so that he can see the followup. --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
I hope someone from Mandrake is still reading this list. I got the advisary for the new kernel in my mail, and installed the new kernel. Since, then, any number of processes which used to write files that were writable only by themselves (leafnode as user news, mailman as user mail and so on) are now writing their files in a world readable setting. My security logs this morning started reporting files in /var/spool/news, /var/lock/subsys, /var/run, /var/lib/mailman/lists and so on as being writable. Checking those directories, I find sure enough that everything is -rw-rw-rw- -- clearly, this is not acceptable! Can someone please look into this and fix it and issue a new kernel? This needs to not continue to happen. When I su to the user IDs in question and do a umask command, I see 0022 like it should be - so I can't see any reason why this should be happening. Thanks! --Dave -- David Guntner GEnie: Just say NO! http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] ATTN MANDRAKE: Kernel update and then everything is world writable?
On Wed Jul 23, 2003 at 11:56:14AM -0700, David Guntner wrote:
> I hope someone from Mandrake is still reading this list. I got the
> advisary for the new kernel in my mail, and installed the new kernel.
> Since, then, any number of processes which used to write files that were
> writable only by themselves (leafnode as user news, mailman as user mail
> and so on) are now writing their files in a world readable setting. My
> security logs this morning started reporting files in /var/spool/news,
> /var/lock/subsys, /var/run, /var/lib/mailman/lists and so on as being
> writable. Checking those directories, I find sure enough that everything
> is -rw-rw-rw- -- clearly, this is not acceptable! Can someone please
> look into this and fix it and issue a new kernel? This needs to not
> continue to happen. When I su to the user IDs in question and do a umask
> command, I see 0022 like it should be - so I can't see any reason why this
> should be happening.
We've not seen this at all during testing. Which kernel did you install?
secure, up, smp, etc... uname -a would be good.
That is really really wierd.
Just ran msec here and it just shows me that my initrd is world-writable so
I don't think your problem is due to the kernel.
cc'ing this to Juan just so he can check as well.
--
MandrakeSoft Security; http://www.mandrakesecure.net/
Online Security Resource Book; http://linsec.ca/
"lynx -source http://linsec.ca/vdanen.asc | gpg --import"
{FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp0.pgp
Description: PGP signature
