[comp.unix.admin] WARNING: SCO-Xenix game "hack", setuid root NO DANGER, OOOOPS

oli@odbffm.incom.de (Oliver Boehmer) (04/19/91)

In <1991Apr17.192850.10450@odbffm.incom.de> oli@odbffm.incom.de (Oliver Boehmer) writes:

>Hi!
>When I recently went through the setuid-files on my system, I found that
>/usr/games/lib/hackdir/hack (the actual nethack-program) is setuid-root.
>This version is part of SCO-XENIX Games and was installed with these
>permissions by the SCO-Utility custom.
>HACK	x4511	root/root	1	./usr/games/lib/hackdir/hack	01
>Hack allows shell escapes and I don't have to say what this means.

>If it weren't so serious, I'd laugh about this. But isn't it the right
>filename for something like that?

>Anyway, it's about time you go through your setuid-files
>	find / \( -perm -4000 -o -perm -6000 \) -print

>oli

Ooooops, I just found out that the permissions are reset before starting
the shell, so that there is no potential danger.
I'm sorry about this.
But one thing I'd really like to know: Why the &/%$"&/ is hack setuid? 
Oh well. 
oli
-- 
Oliver Boehmer, Frankfurt, Germany           oli@odbffm.incom.de
+49-69-331461 (voice) +49-60-308265 (1200/2400)
If God is perfect, why did He create discontinuous functions?
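
Added example, not part of the original posts and not the Xenix hack source: a sketch in modern C of the behaviour described in the follow-up above, where a set-ID program gives up its privilege in the child before a shell escape runs. The names drop_privileges and shell_escape are hypothetical; setregid/setreuid are used so that the saved IDs are reset as well.

```c
#define _XOPEN_SOURCE 700
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Give up any set-ID privilege for good. Returns 0 on success, -1 on failure. */
static int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: after the uid is dropped we may no longer be allowed to. */
    if (setregid(rgid, rgid) != 0) return -1;
    /* Setting real and effective together also resets the saved uid. */
    if (setreuid(ruid, ruid) != 0) return -1;

    /* Verify the drop is permanent (root may always switch, so skip it there). */
    if (ruid != 0) {
        if (egid != rgid && setegid(egid) == 0) return -1;
        if (euid != ruid && seteuid(euid) == 0) return -1;
    }
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Run cmd via /bin/sh as the invoking user; returns its exit status, -1 on error. */
static int shell_escape(const char *cmd)
{
    int status;
    pid_t pid = fork();

    if (pid < 0) return -1;
    if (pid == 0) {
        /* Child: never reach exec while still privileged. */
        if (drop_privileges() != 0) _exit(126);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Prints the ids the escaped shell actually runs with. */
    return shell_escape("id");
}
```

The parent keeps its effective ID, so the game can still write its own files after the shell returns; only the child that execs the shell is reduced to the invoking user.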

chip@chinacat.Unicom.COM (Chip Rosenthal) (04/20/91)

In article <1991Apr18.213843.18297@odbffm.incom.de>
	oli@odbffm.incom.de (Oliver Boehmer) writes:
>But one thing I'd really like to know: Why the &/%$"&/ is hack setuid? 

So that it can write bones and other such stuff to the games library
directory.  You might want to try creating a `games' UID, chown
everything under /usr/games/lib to it, and making hack setuid to
`games'.  This is the approach SCO takes with games distribution under
UNIX.
-- 
Chip Rosenthal  512-482-8260  |
Unicom Systems Development    |    I saw Elvis in my wtmp file.
<chip@chinacat.Unicom.COM>    |

rmk@rmkhome.UUCP (Rick Kelly) (04/22/91)

In article <1991Apr18.213843.18297@odbffm.incom.de> oli@odbffm.incom.de (Oliver Boehmer) writes:
>In <1991Apr17.192850.10450@odbffm.incom.de> oli@odbffm.incom.de (Oliver Boehmer) writes:
>
>>Hi!
>>When I recently went through the setuid-files on my system, I found that
>>/usr/games/lib/hackdir/hack (the actual nethack-program) is setuid-root.
>>This version is part of SCO-XENIX Games and was installed with these
>>permissions by the SCO-Utility custom.
>>HACK	x4511	root/root	1	./usr/games/lib/hackdir/hack	01
>>Hack allows shell escapes and I don't have to say what this means.
>
>>If it weren't so serious, I'd laugh about this. But isn't it the right
>>filename for something like that?
>
>>Anyway, it's about time you go through your setuid-files
>>	find / \( -perm -4000 -o -perm -6000 \) -print
>
>>oli
>
>Ooooops, I just found out that the permissions are reset before starting
>the shell, so that there is no potential danger.
>I'm sorry about this.
>But one thing I'd really like to know: Why the &/%$"&/ is hack setuid? 



I believe that the high score file belongs to root, and can only be read by
and written to by root.


Rick Kelly	rmk@rmkhome.UUCP	frog!rmkhome!rmk	rmk@frog.UUCP

mack@wizard.ruhr.de (Jochen Erwied) (04/22/91)

In article <1991Apr18.213843.18297@odbffm.incom.de>, Oliver Boehmer writes:

>But one thing I'd really like to know: Why the &/%$"&/ is hack setuid?

Very simple answer: try accessing the game files without setting the user-
ID (record/logfile, for example).

>Oh well.
>oli
--
Jochen Erwied           [...!uunet!mcsun!unido!]mack@wizard.ruhr.de
Emil-Figge-Str. 3/A05   +49-231-750331 (data)
D-W-4600 Dortmund 50    +49-231-756081 (voice)

pl@hakki.cs.tut.fi (Lehtinen Pertti) (04/23/91)

From article <9104211024.32@rmkhome.UUCP>, by rmk@rmkhome.UUCP (Rick Kelly):
> In article <1991Apr18.213843.18297@odbffm.incom.de> oli@odbffm.incom.de (Oliver Boehmer) writes:
>>In <1991Apr17.192850.10450@odbffm.incom.de> oli@odbffm.incom.de (Oliver Boehmer) writes:
>>But one thing I'd really like to know: Why the &/%$"&/ is hack setuid? 
> 
> I believe that the high score file belongs to root, and can only be read by
> and written to by root.
> 

	Yes. This is usually the reason for this kind of setup.

	The main fault is that there is no reason to have setuid root
	for this purpose. Some pseudo user and setuid to that could
	be just enough. It is always possible to cause some unwanted
	side effects when wandering around with root.

--
pl@cs.tut.fi				! All opinions expressed above are
Pertti Lehtinen				! purely offending and in subject
Tampere University of Technology	! to change without any further
Software Systems Laboratory		! notice

mtv@milton.u.washington.edu (David Schanen) (04/24/91)

   It's probably setuid so that the program can update a score file.  The
score file should have protections set so that no one can modify it without
running the program (setuid and owned by 'user').  If you are really concerned
you can make a games user (and possibly group) for all the games stuff.

	-Dave

Ps  What is the newsgroup sub.security?

-- 

 Inet: mtv@milton.u.washington.edu  * 8kyu *  UUNET: ...uunet!uw-beaver!u!mtv

rodney@tyrell.stgt.sub.org (Rodney Volz) (04/27/91)

In article <1991Apr24.065940.24362@milton.u.washington.edu> mtv@milton.u.washington.edu (David Schanen) writes:
>
>Ps  What is the newsgroup sub.security?

A newsgroup belonging to the SubNet, a newsgroup hierarchy
being distributed throughout Germany and parts of Switzerland.

Anybody out there who's interested in establishing a link?

-Rodney
-- 
                     Rodney Volz - 7000 Stuttgart 1 - FRG
 ============> ...uunet!mcsun!unido!gtc!aragon!tyrell!rodney <=============
  rodney@tyrell.gtc.de * rodney@delos.stgt.sub.org * rodney@mcshh.hanse.de 
  \_____________ May your children and mine live in peace. ______________/

urlichs@smurf.sub.org (Matthias Urlichs) (04/29/91)

In sub.security, Artikel <128042@tyrell.stgt.sub.org>,
  rodney@tyrell.stgt.sub.org (Rodney Volz) writes:
< In article <1991Apr24.065940.24362@milton.u.washington.edu> mtv@milton.u.washington.edu (David Schanen) writes:
< >
< >Ps  What is the newsgroup sub.security?
< 
< A newsgroup belonging to the SubNet, a newsgroup hierarchy
< being distributed throughout Germany and parts of Switzerland.

You also might want to know that this hierarchy is in _German_.
(Except when somebody crossposts articles. :-( )

< Anybody out there who's interested in establishing a link?

Ask uunet (among others), or look at the Path: header of this article.

-- 
Matthias Urlichs -- urlichs@smurf.sub.org -- urlichs@smurf.ira.uka.de     /(o\
Humboldtstrasse 7 - 7500 Karlsruhe 1 - FRG -- +49-721-621127(0700-2330)   \o)/