Dear All,
My final word on this, honest! Firstly, apologies to Sylvain Robitaille
<syl_at_alcor.concordia.ca> who was the person who suggested this quick fix
in the alpha-osf-managers list (not BUGTRAQ as I originally thought).
Apologies also to everyone for going over well trodden ground but...
Original query:
Removing the others read permission on SUID programs appears to disable
anyone from interrupting that program and causing a crash dump. Is this
a sensible idea and are there any nasty side effects?
Summary:
The consensus (2 responses) was yes, it's fine. One person suggests they
always have removed the others read permission from SUID programs for
that very reason (and why give away more privileges than are required -
good point). Someone else suggested that a dummy /.rhosts file with no
write permission would stop the symlink/core attack to gain root access.
This (in my opinion) will only stop that particular access route and
won't stop a malicious user zapping any file they wish thus possibly
causing a denial of service.
Extra disablers for core dumps (which can be awkward or overridden):
Can be set in the C2 security profile
Can be set in the shell ulimit
Can be set in the kernel itself
Many thanks to:
Sylvain Robitaille <syl_at_alcor.concordia.ca> (sorry Sylvain)
Andrew Leahy <A.Leahy_at_st.nepean.uws.edu.au>
Biggerstaff, Craig T <Craig.T.Biggerstaff_at_USAHQ.UnitedSpaceAlliance.com>
Girish Phadke <pgirish_at_binariang.maxisnet.com.my>
Postscript:
I was hoping for a DEC employed guru to come back with a clear cut
definite answer to this (with full disclaimers of course) but...
as I always like to go for the simplest most elegant solution.
All the best,
-Will
Computer Science Department | mail: W.Flett_at_dcs.rhbnc.ac.uk
Royal Holloway, University of London | talk: +44 1784 443428 (direct)
Egham, Surrey TW20 0EX, England | fax: +44 1784 439786
Received on Fri Apr 24 1998 - 12:51:23 NZST
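
An added example, not part of the original post: a small POSIX shell audit for the fix summarised above, which lists set-UID files that are still readable by "others" and can remove that read bit. The function names and the directories passed as arguments are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message).
# Function names and directory arguments are hypothetical.

# Print regular files under "$1" that are set-UID (-perm -4000)
# and also readable by "others" (-perm -0004).
suid_world_readable() {
    find "$1" -xdev -type f -perm -4000 -perm -0004 -print 2>/dev/null
}

# Remove only the others-read bit from each file found above.
# Execute permission and the set-UID bit are left in place, so the
# program still runs for every user. Prints one line per file changed.
harden_suid() {
    suid_world_readable "$1" | while IFS= read -r f; do
        chmod o-r "$f" && printf 'o-r %s\n' "$f"
    done
}

# Report only: list candidates in each directory given on the command line.
# Review the list before calling harden_suid on a directory.
for dir in "$@"; do
    suid_world_readable "$dir"
done
```

Run it with one or more directories to get the report; call harden_suid from the same script only once the listed files have been reviewed.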