OpenSSH Trojan

Paul Roberts dagmar at speakeasy.net
Thu Aug 1 17:07:48 PDT 2002


On Thu, 2002-08-01 at 14:35, Dan Eriksen wrote:
> On Thu, 1 Aug 2002 20:18:12 +0200
> Matthias Benkmann <matthias at winterdrache.de> wrote:
> 
> > Lesson to learn: NEVER EVER build as root.
> 
> 	If an attacker has any brains, wouldn't he add his exploit to the make install section? So before anyone installs anything they should really be reading through the install target, but that can be a huge job when there are many directories. So most don't.
> 	Am I missing something here? Installing as a user can help in a tiny number of situations. Most run make install as root without checking what it does, so I fail to see why compiling as a user is a no-brainer. Please enlighten me.
> 

Actually, I think it's other folks who've been missing something.  Only
the package installation needs to be done as root, and package
installation != package creation.

For example, most people consider things "safe" when they do a...

(as joe user)
./configure --prefix=/whatever
make 
make check
su root
make install

...which isn't quite the case, because as cited before, the installation
portion of the makefile can be just as easily tainted as the configure
script.  So let's look at things from a different perspective, (please
pardon the Slackware-ism below) where we get all the files into place
and sitting still before we do anything fancy with them...

(as joe user)
./configure --prefix=/whatever
make
make check
make DESTDIR=~/reloc install

(Now a quick examination of the files under ~/reloc as / can be
performed to spot anything unusual or unexpected, but _mainly_ to spot
last-minute brokenness) 

su - root
cd /home/joe/reloc
makepkg -c y -l y /tmp/mypackage-1.0-arch-1.tgz 

Done this way, the entire mess is confined to the joe user account and
whatever files it can taint, which under normal circumstances should be
few.  IMHO it's overkill to say that doing this should be a
"no-brainer", but it's simply a good, clean administrative practice to
have all the files "sitting still" before installation so that the
actual installation amounts to no more than copying files and restoring
symlinks.

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
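
The "quick examination of the files under ~/reloc" described in the message above, sketched as an added example that is not part of the original post. The function name audit_stage and its output labels are hypothetical; it takes the DESTDIR tree and the --prefix value and lists the staged entries worth reading before the tree is packaged as root.

```shell
#!/bin/sh
# audit_stage STAGE PREFIX   (added example; name and labels are hypothetical)
# STAGE is the DESTDIR tree (~/reloc in the post), PREFIX the --prefix value.
# Prints one line per entry to inspect and returns 1 if anything was printed.
# Relative symlink targets are not resolved, only absolute ones are checked.
# usage: audit_stage ~/reloc /whatever
audit_stage() {
    stage=${1%/}
    prefix=${2#/}
    [ -d "$stage" ] || { echo "no such stage: $stage" >&2; return 2; }
    findings=$(
        cd "$stage" || exit
        # Files that would land outside the configured prefix.
        find . ! -type d ! -path "./$prefix/*" | sed 's/^/OUTSIDE-PREFIX /'
        # Setuid/setgid files: these end up root-owned once packaged.
        find . -type f \( -perm -4000 -o -perm -2000 \) | sed 's/^/SETID /'
        # World-writable files, or directories lacking the sticky bit.
        find . ! -type l -perm -0002 ! -perm -1000 | sed 's/^/WORLD-WRITABLE /'
        # Absolute symlinks whose target is outside the prefix.
        PFX=$prefix find . -type l -exec sh -c '
            for l; do
                t=$(readlink "$l")
                case $t in
                    "/$PFX"/*) ;;
                    /*) printf "SYMLINK-OUT %s -> %s\n" "$l" "$t" ;;
                esac
            done' sh {} +
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

An empty result only means nothing tripped these four checks; the staged binaries themselves are still whatever the joe-user build produced.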


