MAJOR hole in 5.0

Dagmar d'Surreal dagmar.wants at nospam.com
Wed Sep 24 03:09:38 PDT 2003


On Tue, 2003-09-23 at 18:04, Ian Molton wrote:
> Hi.
> 
> I dont want to steal anyones thunder at all by this but anyone who built
> a 5.0pre1 is subject to a pretty major security hole.

I wouldn't exactly call this a _major_ security hole.

> the 'nobody' user in /etc/passwd is wrong. anyone building 5.0 should
> check this is not screwed on their build.
> 
> it SHOULD be:
> 
> nobody:x:1000:1000:::/bin/false
> 
> and not:
> 
> nobody:x:1000:1000:nobody:/:/bin/bash

I somewhat agree with you that the current entry is incorrect, but this
is not an account that can be used to login with, and setting the home
directory to null instead of somewhere useless like / (or /var/empty now
that it's there) may have unintended effects on things using that role
account.  /bin/bash should probably be /bin/false like you say, but it's
not like anyone is going to successfully authenticate for this uid
unless someone foolishly sets a password for the account.  Nothing to
get excited about.

Major holes are things like Solaris' formerly hideously exploitable
telnetd.

> hole found by voidcore on IRC.
-- 
The email address above is phony because the people making archives of list
traffic publicly available on the web aren't taking measures to protect the
email addresses from filthy spammers.  
              AIM: evilDagmar  Jabber: evilDagmar at jabber.org




More information about the lfs-security mailing list