From: Digestifier To: Linux-Admin@senator-bedfellow.mit.edu Reply-To: Linux-Admin@senator-bedfellow.mit.edu Date: Fri, 24 Sep 93 03:19:30 EDT Subject: Linux-Admin Digest #73 Linux-Admin Digest #73, Volume #1 Fri, 24 Sep 93 03:19:30 EDT Contents: Re: crond output=>mail problem (rich@mulvey.com) Re: [Summary] /etc/shutdown by non-root (Kenneth H. Simpson) Re: security and Linux binaries (Robert Stockmann) Setting up X? (Rick Miller) Kernel Crashing (Keith Howell) Re: Slackware series installation (Bryan Evans) Re: security and Linux binaries (Bill Bogstad) Re: crond output=>mail problem (rich@mulvey.com) Re: security and Linux binaries (Jon Hamilton) Re: Slackware series installation (Jaye Mathisen) Re: security and Linux binaries (Jonathan Magid) Re: security and Linux binaries (Jonathan Magid) Re: crond output=>mail problem (Patrick J. Volkerding) slackware/smail/uucp don't work! (JL Gomez) ---------------------------------------------------------------------------- From: rich@mulvey.com Subject: Re: crond output=>mail problem Date: Thu, 23 Sep 1993 18:49:18 GMT Bernd Meyer (root@umibox.hanse.de) wrote: : rich@mulvey.com writes: : >Hello: : > I've recently installed the full slackware 1.03 distribution. ( Which : >includes Vixie cron, smail, and elm. ) Normally, when cron runs, it : >should redirect all output to mail which is then posted to the owner of : >the crontab in question. : [...] : >which leaves an mbox.root file in /tmp. And never exits. So of course : >no mail gets sent. ( And root can run elm until the file gets : >deleted. ) : >Has anyone else encountered this partiular problem? Better yet, any : >solutions? :-) : No, I have an even better one. Whenever crond tries to send mail to some : user, it fails miserably and sends it to some adress mail remembers from : earlier sent mails. Of course, I have removed the original "mail" and : replaced it with a link to elm. Linking it to smail doesn't help at all. Actually, my setup did the same thing the first day I had it going. And then, for no reason whatsoever, it stopped. And now I've just discovered that crond has started delivering the output like it's supposed to... and I haven't changed anything here in days. Strange... - Rich -- Rich Mulvey Amateur Radio: N2VDS Rochester, NY rich@mulvey.com "Ignorance should be painful." ------------------------------ Crossposted-To: comp.unix.admin From: ken@kronos.arc.nasa.gov (Kenneth H. Simpson) Subject: Re: [Summary] /etc/shutdown by non-root Date: Thu, 23 Sep 1993 19:09:43 GMT In article smd@floyd.brooks.af.mil (Sten Drescher) writes: >On 22 Sep 1993 13:24:30 GMT, josch@pc.chemie.th-darmstadt.de (Joachim Schnitter) said: > >Joachim> : >(The script was then setuid root, of course). This seemed >Joachim> : > to work pretty well. > >Joachim> : A set-UID root shell script is equivalent to giving every user on >Joachim> : the system unrestricted root access. > >Joachim> : I suggest you find a way to do it without set-UID shell scripts. > >Joachim> Sorry to say that this seems to be real nonsense. A script is >Joachim> simply fed into a shell or another interpreter. It is the >Joachim> shell's permissions which counts - not the script's. > >Joachim> Try it out and you will see that you cannot give someone root >Joachim> permissions with a setuid root script as long as you do not >Joachim> make the shell run setuid root (The latter is equivalent to "rm >Joachim> -rf /" as root :-). > > This is on SunOS 4.1.2: > >Animal(ttyp1):smd> su >Password: >Animal# vi suidroot > >Animal# cat suidroot >#!/bin/sh >echo Hah! You\'re not root! >Animal# chmod a+x,u+s suidroot >Animal# ls -l suidroot >-rwsr-xr-x 1 root 11 Sep 22 13:52 suidroot >Animal# ls -l /bin/sh >-rwxr-xr-x 1 root 106496 Oct 23 1991 /bin/sh >Animal# exit >Animal# Animal(ttyp1):smd> suidroot >Hah! You're not root! >Animal(ttyp1):smd> -i >-i: Command not found. >Animal(ttyp1):smd> ln suidroot ./-i >Animal(ttyp1):smd> ls -l ./-i >lrwxrwxrwx 1 smd rides 8 Sep 22 14:14 ./-i -> suidroot* >Animal(ttyp1):smd> ./-i >Hah! You're not root! >Animal(ttyp1):smd> -i ># whoami >root ># > > > Does this convince you that a suid root script, with any name, >can be used to become root, even if the shell that executes it is not >suid root? >-- >Sten Drescher smd@floyd.brooks.af.mil >#include >vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv >An email reply to this USENET article gives me permission > to quote any or all of it in a future USENET article. >^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ You might want to make it executable by everyone - it should be clear if the other or group executable bit isn't set then only root can execute the script. -- ============================================================================== Kenneth Simpson NASA Internet: ken@ptolemy.arc.nasa.gov Ames Research Center, MS/269-1 UUCP: ames!ptolemy!ken Moffett Field, CA 94035-1000 ------------------------------ From: stock@dutsh7.tudelft.nl (Robert Stockmann) Subject: Re: security and Linux binaries Date: Fri, 24 Sep 1993 02:04:44 GMT ritchiej@osshe.edu (John Ritchie) writes: >Hello fellow Linux sysadmins... >Recently I was reading some Unix System's administration book or other, >and in this book it mentioned that a security-conscious sysadmin should >"never" use pre-compiled binaries supplied by an unknown (such as >Public Domain) source, especially programs that run setuid root or >handle sensitive things such as passwords. The book, furthermore, >stated that a sysadmin should carefully read through any public-domain >source code (or other source code of questionable, well, source) before >compiling it, and not compile it if there is anything that isn't >understood. >Although I think that the above view is a bit on the paranoid side, it >does raise a hairy question for the Linux community. Most Linux users >are _extremely_ vulnerable to security attacks, especially since Linux >is becoming so popular among Unix neophytes who install binaries >packaged by a thousand different "vendors", without reading or >understanding the source code. In such an environment of sharing and >trust among Linux users it would be child's play to propagate any >number of hidden surprises inside packages that would be freely passed >around a huge community. >I guess the point I want to make is three-fold: First, users, be aware >of the possibility that binaries you use may not be as secure as you >assume they are; Second, packagers (such as SLS or Slackware), many >users are trusting your packages to contain clean binaries so YOU >should be sure that they all are clean; and thirdly, this problem once >again points out the importance of the Copyleft policy of having >source-code freely available. If you can't find source code for >something to inspect and compile yourself, realize that you're taking >an increased risk by using that package. For example, users of >"termtelnet," to name one, should think about the fact that this is a >program for which we can't find the source code (I, and several other >posters on comp.os.linux.help), that may pose a serious security risk >(do we know everything that happens when we answer the "Password:" >prompt?). >I don't mean to denigrate Linux in any way with this post, I think that >the whole Linux concept of freely shared development and use is part of >what makes it such a fantastic operating system. But I do want to >point out one danger that is inherent in such an environment. Well i think you have made a good point here. But if i get problems with e.g. SLS1.03 i know imediately who is to blame: The guys from tsx-11.mit.edu. Because thats where i ftp it from. And i think they can be trusted. Same story holds for linux on CD-ROM. so... happy linuxing :) >John Ritchie >ritchiej@ucs.orst.edu Robert Stockmann ------------------------------ From: rick@ee.uwm.edu (Rick Miller) Subject: Setting up X? Date: 23 Sep 1993 20:17:14 GMT I know that some may think this belongs in an X newsgroup, but it's specifically about setting up X under the latest TAMU release... Has anyone set up X Windows (using xdm) under TAMU.99pl12+ ??? I just can't seem to get it to work, and I can't figure out why not. Starting up X with "startx" works fine... for root, but not for users. What's up? Am I missing something really simple? RICK MILLER Voice: +1 414 221-3403 P.O. BOX 1759 FAX: +1 414 221-4744 MILWAUKEE, WI Send a postcard and I'll send one back. 53150-1759 USA Sendu bildkarton kaj mi retrosendos unu. ------------------------------ From: kch@edgtech.demon.co.uk (Keith Howell) Subject: Kernel Crashing Date: Thu, 23 Sep 1993 16:02:58 +0000 I have linux running on two different machines and both of them will crash as various times. The hardware :- 386/20, 387 copro, 8Mb ram, 300Mb ESDI hdd, clone ne2000 486/50, 16Mb ram, 500 + 340 Mb SCSI hdd, Adaptec 1542B, clone ne2000 The software :- SLS 102 based installation. pl10 kernel ethernet drivers hard coded (auto probe hangs with my cards :-( ) The problems :- The 486 machine invariable just dies. No keyboard response, nothing. system requires re-boot. The 386 machine either hangs or panics with the following information :- ======================================= GENERAL PROTECTION: EIP: 0010:000303a9 EFLAGS: 00010282 eax: 000000f8 ebx: f8f8f8f8 ecx: 00524000 edx: 0000af26 esi: 00524000 edi: 0067f600 ebp: 00000000 ds: 0018 es: 0018 fs: 002b gs:002b Pid: 0, process nr: 0 task[0] (swapper) killed: unable to recover Kernel Panic: Trying to free up swapper memory space In swapper task - not syncing ========================================== the next time the register addresses were the same except :- ecx: 00543000 edx: 0012c21d esi: 00543000 edi: 00662800 and the line :- 8a 43 24 24 01 74 1f 85 ff 74 was positioned after the 'Pid: 0 ......' line Please could someone tell me what is causing these crashes, or let me know where I can look to find the relevant information. Many thanks in advance. I look forward to your replies. -- ,---------------------------+----------------------------------------------. | Keith Howell | EdgTech International Ltd, 4/5 North Bar St, | | kch@edgtech.demon.co.uk | Banbury, OX16 0TB, United Kingdom. | ------------------------------ From: bde2161@tamsun.tamu.edu (Bryan Evans) Subject: Re: Slackware series installation Date: 23 Sep 1993 15:39:43 -0500 In article <1993Sep23.001617.10750@mixcom.mixcom.com>, Kenton.Sinner wrote: >I recently installed slackware 1.0.2, but I only installed the >"a" series. I now wish to install the "x" series, but I can't >find the command to do so in any documentation. >Could someone please clue me in on the command to use? >Thanks greatly. > Well, there is a program called pkgtool on the boot disk for Slackware, but for some reason it was not included in the install set. You can just boot using this disk, and then mount the root filesystem and copy that file to the root system so you can use it when you need to, or I guess you could just install the new set after booting from the floppy. >-- >Kenton.Sinner@mixcom.com Hope this helps, Bryan Evans evans@batman.tamu.edu alian@tamu.edu ------------------------------ From: bogstad@blaze.cs.jhu.edu (Bill Bogstad) Subject: Re: security and Linux binaries Date: Thu, 23 Sep 1993 21:08:05 GMT In article <27q3rk$99l@osshe.edu>, John Ritchie wrote: > >Hello fellow Linux sysadmins... > >[For a secure system don't use precompiled binaries. Get the sources.] >... >I guess the point I want to make is three-fold: First, users, be aware >of the possibility that binaries you use may not be as secure as you >assume they are; Second, packagers (such as SLS or Slackware), many >users are trusting your packages to contain clean binaries so YOU >should be sure that they all are clean; and thirdly, this problem once >again points out the importance of the Copyleft policy of having >source-code freely available. ... I agree with you in general; but binary distributions are not going to go away. One thing that might help (a little) is if people who put together packages would provide some kind of checksum of the package as a whole. This would not only help to verify that the binary XWYSIWIG 2.0 release that you just downloaded is clean (according to the original packager); but would also help to quickly find the occassional corrupted file that occurs. Since checksums are much smaller then whole packages; they could be distributed through some other channel then binaries. This may only work for the larger packages that have recognized authors; but it still would be an improvement. Bill Bogstad ------------------------------ From: rich@mulvey.com Subject: Re: crond output=>mail problem Date: Thu, 23 Sep 1993 23:04:40 GMT Bernd Meyer (root@umibox.hanse.de) wrote: : rich@mulvey.com writes: : >Hello: : > I've recently installed the full slackware 1.03 distribution. ( Which : >includes Vixie cron, smail, and elm. ) Normally, when cron runs, it : >should redirect all output to mail which is then posted to the owner of : >the crontab in question. : [...] : >which leaves an mbox.root file in /tmp. And never exits. So of course : >no mail gets sent. ( And root can run elm until the file gets : >deleted. ) : >Has anyone else encountered this partiular problem? Better yet, any : >solutions? :-) : No, I have an even better one. Whenever crond tries to send mail to some : user, it fails miserably and sends it to some adress mail remembers from : earlier sent mails. Of course, I have removed the original "mail" and : replaced it with a link to elm. Linking it to smail doesn't help at all. I've discovered what the problem is. When crond tries to send mail, it uses the command line sh -c /bin/mail -d user Since the slackware 1.03 mkconfig program relinks elm to /bin/mail, it chokes on the -d switch, and starts interpreting the contents of the output file as commands, etc. So it royally screws things up. As a temporary fix, I've edited crond so that the "-d" switch isn't used, and everything seems to be OK now. Does anyone know *why* crond is using that switch? - Rich -- Rich Mulvey Amateur Radio: N2VDS Rochester, NY rich@mulvey.com "Ignorance should be painful." ------------------------------ From: jdh@iastate.edu (Jon Hamilton) Subject: Re: security and Linux binaries Date: Thu, 23 Sep 1993 23:20:59 GMT In article stock@dutsh7.tudelft.nl (Robert Stockmann) writes: >ritchiej@osshe.edu (John Ritchie) writes: > > >>Hello fellow Linux sysadmins... [good advice deleted] > > >Well i think you have made a good point here. But if i get problems >with e.g. SLS1.03 i know imediately who is to blame: The guys from >tsx-11.mit.edu. Because thats where i ftp it from. And i think they Er, they just make it available for ftp. If you got it from sunsite, would you blame them if something was wrong? If you got it from a friend who would you blame? The friend? He (probably) just got it from another site, and that is exactly what happens with ftp. They just get it from somewhere else and make it available. If you think every ftp site tests every piece of software available on their site, you're nuts. Especially with binaries; they'd have to have the inclination to test everything, plus the hardware to do it on. If there's something wrong with a distribution, (and the problem really does originate with the distribution), blame it on the person(s) who packaged it. Don't blame the guy who passes it along as a favor. -- ==================================================================== = Jon Hamilton | "I guess irony can be pretty ironic sometimes" = = jdh@iastate.edu | -- Airplane = ==================================================================== ------------------------------ From: osyjm@cs.montana.edu (Jaye Mathisen) Subject: Re: Slackware series installation Date: 24 Sep 1993 01:35:22 GMT In article <27t1if$p2a@tamsun.tamu.edu>, Bryan Evans wrote: >Well, there is a program called pkgtool on the boot disk for Slackware, >but for some reason it was not included in the install set. You can just Slackware installed it for me, off the 1.0.2 disks, perhaps something went wrong during your install. -- Jaye Mathisen, COE Systems Manager (406) 994-4780 410 Roberts Hall,Dept. of Computer Science Montana State University,Bozeman MT 59717 osyjm@cs.montana.edu ------------------------------ From: jem@sunSITE.unc.edu (Jonathan Magid) Subject: Re: security and Linux binaries Date: 24 Sep 1993 05:12:46 GMT In article <27q3rk$99l@osshe.edu>, John Ritchie wrote: > an increased risk by using that package. For example, users of >"termtelnet," to name one, should think about the fact that this is a >program for which we can't find the source code (I, and several other >posters on comp.os.linux.help), that may pose a serious security risk >(do we know everything that happens when we answer the "Password:" >prompt?). > Your point is well taken- the only true security is intimacy with the source code (just a casual glance won't do), but for cases like the about, the strace tool can provide some level of assurance. Strace(1) gives a listing of all the system calls used by a binary- run it on suspicious binaries to find out what is going on. jem. ------------------------------ From: jem@sunSITE.unc.edu (Jonathan Magid) Subject: Re: security and Linux binaries Date: 24 Sep 1993 05:14:34 GMT In article <27q3rk$99l@osshe.edu>, John Ritchie wrote: > >source-code freely available. If you can't find source code for >something to inspect and compile yourself, realize that you're taking >an increased risk by using that package. For example, users of >"termtelnet," to name one, should think about the fact that this is a >program for which we can't find the source code (I, and several other >posters on comp.os.linux.help), that may pose a serious security risk >(do we know everything that happens when we answer the "Password:" >prompt?). Your point is well taken- the only true security is intimacy with the source code (just a casual glance won't do), but for cases like the above, the strace tool can provide some level of assurance. Strace(1) gives a listing of all the system calls used by a binary- run it on suspicious binaries to find out what is going on. jem. ------------------------------ From: bf703@cleveland.Freenet.Edu (Patrick J. Volkerding) Subject: Re: crond output=>mail problem Date: 24 Sep 1993 05:40:54 GMT Reply-To: bf703@cleveland.Freenet.Edu (Patrick J. Volkerding) In a previous article, rich@mulvey.com () says: > > I've discovered what the problem is. > > When crond tries to send mail, it uses the command line > > sh -c /bin/mail -d user > Indeed! :^) The "-d" flag is included in the config.h file that comes with Vixie Cron. Apparently some systems use it to signal local mail delivery and save a little CPU time. The config.h comments do note that the flag is undocumented. Although "mail" will accept it, elm doesn't like it at all. I've recompiled crond so that it no longer uses this flag. The binary can be found on ftp.cdrom.com in /pub/linux/binaries. The binary in bin.tgz will be fixed soon, too. -- Patrick Volkerding volkerdi@mhd1.moorhead.msus.edu bf703@cleveland.freenet.edu ------------------------------ Crossposted-To: comp.os.linux.help,comp.os.linux From: gomez@enuxsa.eas.asu.edu (JL Gomez) Subject: slackware/smail/uucp don't work! Date: Fri, 24 Sep 1993 06:01:49 GMT I've upgraded to Slackware 1.03 and have TCP/IP, UUCP, ELM, and SMAIL installed. This combo of tcp/ip-uucp-smail-elm worked fine under 1.02 of slackware for calling my uucp smart host. Now under 1.03 of slackware no outgoing mail is sent at all. I've read all the FAQ's and changed every occurence of smtp to uucp but still no go. Thanks for the help! -- gomez@enuxsa.eas.asu.edu ------------------------------ ** FOR YOUR REFERENCE ** The service address, to which questions about the list itself and requests to be added to or deleted from it should be directed, is: Internet: Linux-Admin-Request@NEWS-DIGESTS.MIT.EDU You can send mail to the entire list (and comp.os.linux.admin) via: Internet: Linux-Admin@NEWS-DIGESTS.MIT.EDU Linux may be obtained via one of these FTP sites: nic.funet.fi pub/OS/Linux tsx-11.mit.edu pub/linux sunsite.unc.edu pub/Linux End of Linux-Admin Digest ******************************