
Conference csc32::consolemanager

Title: POLYCENTER Console Manager
Notice: Kits, Scans, Docs on CSC32:: as PCM$KITS:, PCM$DOCS:, PCM$SCANS:
Moderator: CSC32::BUTTERWORTH
Created: Thu Aug 06 1992
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1541
Total number of notes: 6564

1250.0. "Security issue on PCM V1.6 dUNIX" by 50305::ERNST () Fri Mar 22 1996 11:22

Hello,

The customer is running PCM V1.6 (ECO 1, DCROSF161) on dUNIX V3.2c.

He has configured some 'normal' users as PCM-Managers. This 'normal'
user is connected to the managed system via the C3-Interface.
Now he chooses the "Extract/Review..." Menu. Here he can define any
directory/file as "Optional Output Filename".

This output-file can be placed in any directory, the owner of the
created file will be "root" and the protection -rwxr-xr-x

Customer is *very* concerned about security on the system. He believes
that a tricky user can manipulate the contents of that file and then
can execute it.

Another concern is that a user by accident can overwrite an existing
file. This behaviour I wasn't able to reproduce because my extracted 
files always had an extension -e, e.g. /tmp/xxx-e

What do you think, is that a security issue? Is it expected behavior?


Any arguments are appreciated.

Maria
1250.1. by CSC32::BUTTERWORTH (Gun Control is a steady hand.) Mon Mar 25 1996 14:00 (23 lines)
>Customer is *very* concerned about security on the system. He believes
>that a tricky user can manipulate the contents of that file and then
>can execute it.
    
    How could they manipulate the contents of the file if they have
    eXecute only access? If this file can't be edited and the only way a
    user could create the file in that directory was via the C3
    Extract/Review interface then all the file could ever contain would be
    console data. If a user could manipulate the contents of the console
    logfile then proper file protection was not placed on those files, which
    is a management issue.

>Another concern is that a user by accident can overwrite an existing
>file. This behaviour I wasn't able to reproduce because my extracted 
>files always had an extension -e, e.g. /tmp/xxx-e

>What do you think, is that a security issue? 
    
    I just don't see any security holes here.


    Regs,
      Dan
1250.2. "how to manipulate extract/review'ed data" by 50305::ERNST () Fri Mar 29 1996 09:10 (44 lines)
Thanks, Dan, for your answer. I have discussed your suggestions with
my customer. He has found some examples on how to manipulate the contents
of extracted PCM-data.

   >> How could they manipulate the contents of the file if they have
   >> eXecute only access? If this file can't be edited and the only way a
   >> user could create the file in that directory was via the C3
   >> Extract/Review interface then all the file could ever contain would be
   >> console data.


Customer's answer appended:

"  You're definitely right, but with a little creative fantasy,
   there are lots of ways to manipulate the console-data.

   Here are two of them:

   a) Just connect to a Console of a DEC-Unix-System log in as ordinary
      user and do
      ksh> cat > /dev/null
      (Now wait a minute)
      (after that type in whatever you want to have as the contents of your
      file, for example a +-sign to go into .rhost or so)
      Now enter the contents that you want to have in a file later.
      (Wait another minute then press Ctrl-D)

      Now you can extract the period of time that contains only manipulated
      data.

      Similar procedures work with a console of a VMS computer

   b) It doesn't even depend on access to the console of a computer.
      To get a few command lines into the console output, users could
      issue a
      $ REQUEST "<CR><LF>What ever they want<CR><LF> in the console log"
      using any non-privileged account on a managed VMS-system.
"

Any idea? QAR it?

Regards
Maria
1250.3. by CSC32::BUTTERWORTH (Gun Control is a steady hand.) Mon Apr 01 1996 14:41 (43 lines)
>Customer's answer appended:

>"  You're definitely right, but with a little creative fantasy,
>   there are lots of ways to manipulate the console-data.
>
>   Here are two of them:

>   a) Just connect to a Console of a DEC-Unix-System log in as ordinary
>      user and do
>      ksh> cat > /dev/null
>      (Now wait a minute)
>      (after that type in whatever you want to have as the contents of your
>      file, for example a +-sign to go into .rhost or so)
>      Now enter the contents that you want to have in a file later.
>      (Wait another minute then press Ctrl-D)

>      Now you can extract the period of time that contains only manipulated
>      data.
    

>      Similar procedures work with a console of a VMS computer
    
    My response is still SO WHAT!!!???? So I type MCR AUTHORIZE and then
    enter the commands to change a password. This gets written to the
    logfile and then I later extract it and edit out the junk. I still
    can't manipulate the UAF unless I have access to SYSUAF.DAT, and unless
    my username is privileged I can't do it!!!!

>   b) It doesn't even depend on access to the console of a computer.
>      To get a few command lines into the console output, users could
>      issue a
>      $ REQUEST "<CR><LF>What ever they want<CR><LF> in the console log"
>      using any non-privileged account on a managed VMS-system.
>"
    
    Who cares??? I simply see no security breach here whatsoever. I could
    login to the console on a VT220 and issue the same command. The only 
    difference is that PCM logs this and *that* is a very good thing as the
    system manager can now use the review interface and see *exactly* what
    was entered on the console and by whom.

    Regs,
       Dan
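Added example, not PCM's own code: a hardened writer for Extract/Review output that addresses the concerns in 1250.0 (a root-owned, world-executable output file at an arbitrary path, and accidental overwrite of an existing file). The `allowed_root` policy directory, the `owner` argument and the helper names are assumptions for this illustration; only the `-e` suffix comes from the thread.

```python
# Added example (not PCM's own code): hardened creation of an Extract/Review
# output file, illustrating the mitigations for the concerns in 1250.0.
import os
import stat

EXTRACT_SUFFIX = "-e"   # suffix PCM appends to extracted files (from 1250.0)


def extract_output_path(requested, allowed_root):
    """Return the real path the extract would be written to, or raise
    ValueError if it would land outside allowed_root (assumed policy dir)."""
    real_root = os.path.realpath(allowed_root)
    candidate = os.path.realpath(requested + EXTRACT_SUFFIX)
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise ValueError("extract output would land outside %s" % real_root)
    return candidate


def write_extract(requested, allowed_root, console_lines, owner=None):
    """Create <requested>-e under allowed_root holding console_lines.

    - O_CREAT|O_EXCL (+O_NOFOLLOW): fail instead of overwriting an existing
      file or following a pre-planted symlink (the overwrite concern).
    - mode 0644: console data is never executable, unlike the -rwxr-xr-x
      files reported in 1250.0.
    - owner=(uid, gid): hand the file to the requesting manager instead of
      leaving it root-owned (only takes effect when running as root).
    """
    path = extract_output_path(requested, allowed_root)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o644)
    try:
        with os.fdopen(fd, "w") as out:
            if owner is not None:
                os.fchown(out.fileno(), *owner)
            for line in console_lines:
                # normalise line endings; content is still just console data
                out.write(line.rstrip("\r\n") + "\n")
    except BaseException:
        os.unlink(path)   # never leave a half-written file behind
        raise
    return path


def is_executable(path):
    """True if any execute bit is set on path; used to verify the result."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
```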