Re: hole in sudo for MP-RAS.

Cy Schubert - ITSD Open Systems Group (cschuber@uumail.gov.bc.ca)
Mon, 12 Jan 1998 15:20:49 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: CPIO Advisory Role Account: "CPSN 9:971208: Solaris /var Permission Problems"
Previous message: Aleph One: "Q179129: STOP 0x0000000A Due to Modified Teardrop Attack"
Maybe in reply to: osiris@COURIER.CB.LUCENT.COM: "hole in sudo for MP-RAS."
Next in thread: Todd C. Miller: "Re: hole in sudo for MP-RAS."

> There is a bug in sudo versions (at least) 1.5.2 and 1.5.3 on NCR's MP-RAS
> that makes it trivial to bypass sudo's restrictions. I reported this to
> the sudo-bugs address given in the source on 12/23/97, but never heard back,
> so screw 'em. It is important to note that MP-RAS is one of the platforms
> listed in the RUNSON file included with the distribution, so there are
> probably many people running this; I imagine you will want to reconsider it
> if you are one of them.

This bug exists on all platforms. Sudo does not handle relative directories
properly . ../../../usr/bin/date would also bypasses the access list.

In short inclusion lists are are safe. Exclusion lists are not safe.

> --jml

Regards, Phone: (250)387-8437
Cy Schubert Fax: (250)387-5766
UNIX Support OV/VM: BCSC02(CSCHUBER)
ITSD BITNET: CSCHUBER@BCSC02.BITNET
Government of BC Internet: cschuber@uumail.gov.bc.ca
Cy.Schubert@gems8.gov.bc.ca

"Quit spooling around, JES do it."

Next message: CPIO Advisory Role Account: "CPSN 9:971208: Solaris /var Permission Problems"
Previous message: Aleph One: "Q179129: STOP 0x0000000A Due to Modified Teardrop Attack"
Maybe in reply to: osiris@COURIER.CB.LUCENT.COM: "hole in sudo for MP-RAS."
Next in thread: Todd C. Miller: "Re: hole in sudo for MP-RAS."