[Zope] supplemental group ids (Linux)

2000-09-04 Thread Kip Rugger
I noticed when starting Zope as root (to get privileged ports), but requesting suid to `nobody' (start -u nobody) the resulting processes have the correct uid and gid, but the supplemental group id list still has the appropriate value for root. This means that the Zope process could, for example,

Re: [Zope] supplemental group ids (Linux)

2000-09-04 Thread Chris McDonough
Apologies for the ignorance, but can you maybe explain the concept of supplemental group ids and give an example of how the current unpatched behavior could be subverted? On 4 Sep 2000 [EMAIL PROTECTED] wrote: > I noticed when starting Zope as root (to get privileged ports), > but requesting suid

Re: [Zope] supplemental group ids (Linux)

2000-09-04 Thread Kip Rugger
Chris McDonough <[EMAIL PROTECTED]> wrote: >Apologies for the ignorance, but can you maybe explain the concept >of supplemental group ids and give an example of how the current unpatched >behavior could be subverted? I can try... Supplemental gids are useful for allowing a user to belong to more

Re: [Zope] supplemental group ids (Linux)

2000-09-05 Thread Chris McDonough
On 4 Sep 2000 [EMAIL PROTECTED] wrote: I see... well, maybe we can take a look at it. In the meantime, if you figure out a patch that doesn't rely on an external program, let me know... Thanks, C > Chris McDonough <[EMAIL PROTECTED]> wrote: > >Apologies for the ignorance, but can you maybe e

Re: [Zope] supplemental group ids (Linux)

2000-09-05 Thread Bill Anderson
Kip Rugger wrote: > > Chris McDonough <[EMAIL PROTECTED]> wrote: > >Apologies for the ignorance, but can you maybe explain the concept > >of supplemental group ids and give an example of how the current unpatched > >behavior could be subverted? > > I can try... > > Supplemental gids are useful

Re: [Zope] supplemental group ids (Linux)

2000-09-05 Thread Andrew Kenneth Milton
| > I saw this on Linux; supplemental groups come from the BSD tradition, | > so you likely will find the same situation on *BSD, Solaris, etc. Sorry I missed the start of the thread, but, I can weigh in on this point. Using -u user under FreeBSD gives you the Primary Group for the user you hav

Re: [Zope] supplemental group ids (Linux)

2000-09-05 Thread Kip Rugger
Bill Anderson <[EMAIL PROTECTED]> wrote: >Kip Rugger wrote: >> >> Chris McDonough <[EMAIL PROTECTED]> wrote: >> >Apologies for the ignorance, but can you maybe explain the concept >> >of supplemental group ids and give an example of how the current unpatched >> >behavior could be subverted? >>

Re: [Zope] supplemental group ids (Linux)

2000-09-05 Thread Kip Rugger
Andrew Kenneth Milton <[EMAIL PROTECTED]> wrote: > >| > I saw this on Linux; supplemental groups come from the BSD tradition, >| > so you likely will find the same situation on *BSD, Solaris, etc. > >Sorry I missed the start of the thread, but, I can weigh in on this point. > >Using -u user under

Re: [Zope] supplemental group ids (Linux)

2000-09-05 Thread Andrew Kenneth Milton
+---[ Kip Rugger ]-- | | On my machine 101 is uid and gid for nobody; as you can see | junkbuster is correctly sandboxed. For unmodified Zope, you'll | see a zero in the indicated line (or possibly several values | if root belongs to several groups like `wheel' on your sys
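The two points made earlier in the thread, Kip's explanation that the supplementary group list is separate from uid/gid and only replaced by an explicit setgroups() call, and the inspection Andrew quotes (nobody's 101 in the group list for a correctly sandboxed daemon, root's 0 for an unpatched one), as an added example in Python. This is not Zope's code or the patch discussed here; it assumes the line being inspected is the `Groups:` line of a Linux /proc/<pid>/status dump, that Python's os.initgroups (3.2+) is available, and it uses a constructed status dump standing in for a leaked process. The names parse_status, leaked_groups, expected_gids, drop_privileges_incomplete and drop_privileges belong to this example only.

```python
# Added example (not Zope's own code): the supplementary-group leak this
# thread describes, an audit for it, and the drop sequence that avoids it.
import os
import pwd
import grp

# Constructed sample of a Linux /proc/<pid>/status dump (assumption: the
# kernel prints a "Groups:" line, as Linux does). uid/gid are 101 (nobody on
# Kip's machine) but the supplementary list still carries root's groups.
SAMPLE_STATUS_LEAKED = (
    "Name:\tpython\n"
    "Uid:\t101\t101\t101\t101\n"
    "Gid:\t101\t101\t101\t101\n"
    "Groups:\t0 10 \n"
)


def parse_status(status_text):
    """Return (uid, gid, supplementary gids) from a /proc/<pid>/status dump.
    Uid/Gid lines list real, effective, saved and fs ids; the real id is used."""
    uid = gid = None
    groups = []
    for line in status_text.splitlines():
        key, _, rest = line.partition(":")
        fields = rest.split()
        if key == "Uid":
            uid = int(fields[0])
        elif key == "Gid":
            gid = int(fields[0])
        elif key == "Groups":
            groups = [int(g) for g in fields]
    return uid, gid, groups


def leaked_groups(status_text, allowed_gids):
    """Supplementary gids in the dump that the target user should not have.
    A non-empty result is the situation Kip reports: correct uid and gid,
    but group memberships inherited from the root process that started it."""
    _, _, groups = parse_status(status_text)
    return sorted(set(groups) - set(allowed_gids))


def expected_gids(username):
    """Primary gid plus every group database entry that lists the user."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid}
    for g in grp.getgrall():
        if username in g.gr_mem:
            gids.add(g.gr_gid)
    return gids


def drop_privileges_incomplete(username):
    """The pattern the thread describes: uid and gid are switched, but
    setgroups() is never called, so root's supplementary list survives."""
    pw = pwd.getpwnam(username)
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)


def drop_privileges(username):
    """Correct drop: reset the supplementary list first, then gid, then uid.
    Only root may change groups or gid, so the order cannot be reversed."""
    pw = pwd.getpwnam(username)
    os.initgroups(username, pw.pw_gid)   # replaces root's supplementary gids
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    # Verify rather than trust: a failed setuid/setgid raises, but a
    # forgotten setgroups() does not, so check the group list explicitly.
    if os.getuid() != pw.pw_uid or os.getgid() != pw.pw_gid:
        raise RuntimeError("uid/gid did not change")
    stray = set(os.getgroups()) - expected_gids(username)
    if stray:
        raise RuntimeError("supplementary groups still inherited: %s" % sorted(stray))


def audit_pid(pid, username):
    """Read /proc/<pid>/status of a running daemon and report inherited gids."""
    with open("/proc/%d/status" % pid) as f:
        return leaked_groups(f.read(), expected_gids(username))


if __name__ == "__main__":
    print("constructed sample leaks gids:", leaked_groups(SAMPLE_STATUS_LEAKED, {101}))
```

To check a live daemon the way Andrew's reply does, call audit_pid with the process id and the account it was told to run as; an empty list means the `Groups:` line holds only that account's own groups. Note that clearing the list requires root, which is why the reset has to happen before the setuid() call and cannot be done afterwards by the unprivileged process.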

Re: [Zope] supplemental group ids (Linux)

2000-09-05 Thread Chris McDonough
After some digging, it appears that this is a really good find. Thanks very much for reporting it. I am going to add a collector item with your message verbatim. Thanks very much! - C On 4 Sep 2000 [EMAIL PROTECTED] wrote: > I noticed when starting Zope as root (to get privileged ports), >

Re: [Zope] supplemental group ids (Linux)

2000-09-05 Thread Bill Anderson
Kip Rugger wrote: > > Bill Anderson <[EMAIL PROTECTED]> wrote: > >Kip Rugger wrote: > >> > >> Chris McDonough <[EMAIL PROTECTED]> wrote: > >> >Apologies for the ignorance, but can you maybe explain the concept > >> >of supplemental group ids and give an example of how the current unpatched > >>

Re: [Zope] supplemental group ids (Linux)

2000-09-06 Thread Kip Rugger
>OK, something is not quite right here. >On my unmodified zope, it is properly 'sandboxed'. Perhaps it is the use of >the explicit '-u nobody'? I don't do that on >my system, which causes Zope to run as nobody implicitly. > >(When started as root, unless told otherwise, zope will switch to nobody)

Re: [Zope] supplemental group ids (Linux)

2000-09-06 Thread Bill Anderson
Kip Rugger wrote: > > >OK, something is not quite right here. > >On my unmodified zope, it is properly 'sandboxed'. Perhaps it is the use of > >the explicit '-u nobody'? I don't do that on > >my system, which causes Zope to run as nobody implicitly. > > > >(When started as root, unless told other