Re: [expert] Obtain root privileges with unsecure software

2002-11-21 Thread Todd Lyons 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Olaf Marzocchi wrote on Sun, Nov 17, 2002 at 01:00:10PM +0100 :
 Is it possible, for a user who already has an account in a linux box, to 
 become root by compiling and starting a program known to be vulnerable?

Your question is a valid one, but there are only a few scenarios where
htis is bad.

1) If the program being compiled is suid root.  Well, if the user is
only a user, the program he's trying to exploit cannot be owned by root
because _he_ is the one trying to compile/install it.  This is not
possible.

2) If the program being compiled interacts with kernel space somehow,
even as a regular user, it's possible it _could_ be exploited, but htis
requires a kernel level exploit.  If you're keeping up with the updates,
this won't be possible.

3) If the program he's compiling is interacting with some other program
(think bind, postfix, etc) that is exploitable, then yes, it could.  But
at the moment, I don't know of any exploits.

4) The idiot could be compiling and running mass exploit scanning tools.
If he does that, he deserves to be castrated anyway.  What you should do
is rewrite his code so that it checks what IP address he's coming from
and then flood pings himself.  Then make all of his home directory
immutable so that he can't change it.  And you put it in his .bashrc so
that it runs it automatically.  --- or something like that.

Permissions based OS's are your friend.  That doesn't mean you let
anybody and everybody have accounts on your box.  You must watch them
closely.  However, them compiling things can only do damage to their
user constraints.  The core OS will keep running and core apps will keep
running unless he exploits something at those levels.

Blue skies...   Todd
- -- 
| MandrakeSoft USA | Sometimes you get what you want. |
| http://www.mandrakesoft.com  | Sometimes you get experience.|
| http://www.mandrakelinux.com |--unknown origin  |
   Cooker Version mandrake-release-9.1-0.1mdk Kernel 2.4.20-0.2mdk
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE93Vyjlp7v05cW2woRAnTzAJ9AdINmsSmCp7Zes0YOJYxVgdBp7QCgg/tU
Nrkoo8w4zr/zxC9P88gTTv0=
=gfSW
-END PGP SIGNATURE-


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

[expert] Obtain root privileges with unsecure software

2002-11-17 Thread Olaf Marzocchi 
Is it possible, for a user who already has an account in a linux box, to 
become root by compiling and starting a program known to be vulnerable?

If yes, how to discover this user?
Is there a way to block such exploits or not?

Thank you

Olaf

olaf@ kjws.com for every kind of mail, except spam! :-)


Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

Re: [expert] Obtain root privileges with unsecure software

2002-11-17 Thread Olaf Marzocchi 
Please ignore this question. The answer was obvious.

Olaf

At 13.00 17/11/2002, you wrote:

Is it possible, for a user who already has an account in a linux box, to 
become root by compiling and starting a program known to be vulnerable?

If yes, how to discover this user?
Is there a way to block such exploits or not?

Thank you

Olaf


olaf@ kjws.com for every kind of mail, except spam! :-)



Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com

RE: [expert] Obtain root privileges with unsecure software

2002-11-17 Thread Franki 
Its always easier to get root if you have a local user account yes..

however, that depends on some exploit being available that would allow then
elevated privs..

otherwise all their compiled program could do is mess up their own
userspace..

thats why virus's have such a hard time on linux..

If they start a trojan as their own user, then it could be accessed from
outside, but again, it would only have that users privs...

if root runs that prog however, all bets are off..


rgds

frank

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Olaf Marzocchi
Sent: Sunday, 17 November 2002 8:00 PM
To: [EMAIL PROTECTED]
Subject: [expert] Obtain root privileges with unsecure software


Is it possible, for a user who already has an account in a linux box, to
become root by compiling and starting a program known to be vulnerable?

If yes, how to discover this user?
Is there a way to block such exploits or not?

Thank you

Olaf

olaf@ kjws.com for every kind of mail, except spam! :-)





Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com