[Popcon-developers] Bug#429405: Wrong usage of su in /etc/cron.weekly/popularity-contest (New bug)

Klaus Ethgen Klaus at Ethgen.de
Tue Jun 19 13:08:22 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Bill,

Am Di den 19. Jun 2007 um 14:30 schrieb Bill Allombert:
> What is you attack model ?  So the server has a security flaw and run as
> user nobody. If the attacker can run arbitrary code as user nobody, why
> cannot they just exec /bin/sh ? Where does that make a difference ?

Well, it is just a bit more security. Sure the flaw can be that big that
any code can be executed. But mostely the flaws first give a shell in
some way and then the attacker can go on.

If the shell is no shell this posible hole is clocsed before it ever
gets a problem. (I saw such attacks on another system (BSE^HD) where a
attacker was only able to get in the machine cause it was able to start
a shell (Which was /bin/sh) as user nobody.)

> If this is indeed a security flaw, we should fix Debian not just popcon.

Sure. But bake small bagel then noting.

Maybe that has to be discussed in debian-devel.

Gruß
   Klaus
- -- 
Klaus Ethgen                            http://www.ethgen.de/
pub  2048R/D1A4EDE5 2000-02-26 Klaus Ethgen <Klaus at Ethgen.de>
Fingerprint: D7 67 71 C4 99 A6 D4 FE  EA 40 30 57 3C 88 26 2B
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBRnfVRp+OKpjRpO3lAQJVMgf/dlu/wc1XxQQC9v/zi3Ed8rIYKLjfMA1F
7OtyfS/NkKZOh9+Sm+nrSKj8LFSOF5Rc4/AKvspEk2ReCQsw2PH4XHcgKUzGpCll
wMhxPlJG6mVooLW58E25NKBIbmnWM5rYX5i0HNoBbE3Kpdf9mWCdBDnUzyFGTdh8
gW1BokPqeevVHXAmbNjqcVjM4XnAYona07/lYgbmLtkg1J3UN7FKqJWGL8K7LtUA
E84p+9Lbv6J18x20FNgVHQ/EzqwHyDnk24O1nF6tADuf2JXzXyYcc5i4kF9LI4Ix
lF4Ltt26NWszw1RaDIuIn99YbzQ6g4+WAD4OabHcuQhe/5x3t2pTqA==
=uENy
-----END PGP SIGNATURE-----




More information about the Popcon-developers mailing list