| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 9683.1 | | NNTPD::"[email protected]" | Ann Majeske | Wed Apr 30 1997 17:29 | 23 |
| > 1. Is there any other back-door mechanim to utilize to modify the ROOT
> password, assuming that we have enhanced security enabled? Is there any
> other account that we can set-up with some level of security that we can
> modify the ROOT password without knowing the current password?
Can you say "security hole big enough to drive a truck through"? If there
were such a back door (I can assure you there isn't), I would be working as
hard as I could to close it, and I certainly wouldn't tell anyone about it!
> 2. Is there any way of cleanly shutting down the system when you do not
> have the ROOT password?
This is certainly worth looking into. You might be able to let a selected
user shutdown the system by using sudo, or with a combination of setuid/group
protection. If they're running V4.0 or later, they could also look into using
a combination of setuid and ACLs to allow another user to run shutdown. But,
be careful how you set this up and who you allow to shutdown the system.
Giving "J. Random User" the ability to shut down the system can cause you
more problems than it's worth if he gets pissed off and decides to shutdown
the system in the middle of the day to get even.
[Posted by WWW Notes gateway]
|
| 9683.2 | Thanks | CSC32::RUTSCHOW | Jack of all trades, master of none | Fri May 02 1997 15:27 | 8 |
| Thanks Ann, Like I said I am just trying to see if I overlooked
anything for the customer. They arn't at 4.x yet but I will pass that
along as a possible future solution...
Any more???
thanks again,
dale
|
| 9683.3 | check out "dop" - Division of Privledge | DECWET::DIPIETRO | | Wed May 07 1997 11:12 | 3 |
| "dop" - Division of Privledge is used as part of the SysMan
package integrated into the CDE desktop. Don't have a man
page handy, but it might do the trick.
|
| 9683.4 | Where is "dop"? | CSC32::RUTSCHOW | Jack of all trades, master of none | Wed May 07 1997 12:49 | 5 |
| I can't find anything on "dop"??? I tried man, and looked through the
index, several of the books... Where is this hidden?
thanks,
dale
|
| 9683.5 | /usr/sbin/dop | RHETT::PARKER | | Wed May 07 1997 13:34 | 13 |
|
Hi, Dale.
/usr/sbin/dop
There was a BLITZ on it though - it's a security hole. I think the
Blitz is in here somewhere.
Hth,
Lee
|
| 9683.6 | | CADSYS::BOGDANOV | | Wed May 07 1997 14:18 | 20 |
| A simple program can be written which runs under root ownership (s bit set).
It will look like the following:
#include <pwd.h>
int main ()
{
gid_t gid;
uid_t uid;
gid = getgid ();
uid = getuid ();
if (uid == TRUSTED_USER && gid != TRUSTED_GROUP)
system("shutdown now");
return 0;
}
Looks like it should work, however I did not test it.
>> Serge
|
| 9683.7 | | SMURF::SCOTT | | Wed May 07 1997 17:04 | 10 |
| re .6
Just be careful with the code in .6. Anyone who passes the TRUSTED_USER
and TRUSTED_GROUP tests will be able to use this code to execute anything,
not just "shutdown now".
(I'm guessing the intent was to match TRUSTED_GROUP rather than exclude
it, but that is not the real problem).
larry
|
| 9683.8 | I can hack that system in 2 notes... | QUARRY::reeves | Jon Reeves, UNIX compiler group | Wed May 07 1997 17:04 | 2 |
| I'd never let you install that program on any production machine
I was responsible for.
|
| 9683.9 | Notes collision. | QUARRY::reeves | Jon Reeves, UNIX compiler group | Wed May 07 1997 17:11 | 6 |
| Free bonus clue: at a minimum, that system() call should be replaced with
execl("/sbin/shutdown", "shutdown", "now", 0);
though execle with a null environment might be even better. Given the
nature of the program, the customary preceding fork() can probably be skipped.
|
| 9683.10 | | CADSYS::BOGDANOV | | Fri May 09 1997 09:41 | 1 |
| .7 Thanks, I did not want to exclude the group (just a typo).
|