Protecting against downloads
Karl Denninger
karl at naitc.naitc.com
Tue Sep 25 01:35:29 AEST 1990
In article <1990Sep22.024446.3305 at chinet.chi.il.us> les at chinet.chi.il.us (Leslie Mikesell) writes:
>In article <1990Sep20.153105.28394 at naitc.naitc.com> karl at bbs.naitc.com (Karl Denninger) writes:
>
>>I hope you don't allow "vi" access, or you have the bbs in a "chroot"ed area
>>with no backlinked files (ie: no linked files between the areas).
>
>What is the danger of linked files if the users don't have write permssion
>to any of them? It takes a non-trivial amount of baggage to make vi
>happy (at least on modern SysV it wants the shared libs, all of
>/usr/lib/terminfo/*/*, TMPDIR, plus the shell and whatever tools you
>need for paragraph reformatting, sorting and the like). Too bad we
>don't have read-only symlinks.
Because if the user gets root in the subshell, he can then modify the "read
only" files and possibly gain access to the main system area. The most
graphic example of this is if you are foolish enough to link /etc/passwd
(and /etc/shadow for those systems who use it) into the chrooted area. That
is as good as not having the chroot in there at all! Anyone who gets root
in the chrooted area now can change the password file in the MAIN system
area, and thus break in with ease.
>>Without source code to "vi" there is NO WAY to prevent this. Believe me.
>>I had this rather graphically illustrated to me once; it's a flaw in the
>>way vi works.
>
>Actually it's a feature of the way unix works - all the tools expect to
>be able to include all the others.
Yeah, some feature. It subverts the restricted shell instantly, and isn't
well documented in the "Bugs" section of the manual (I believe that any tool
which has this kind of property ought to make note of it in the manual
pages at a minimum!) Most people are unaware of the consequences of this
"feature" and a number have gotten caught by it over the years.
--
Karl Denninger AC Nielsen
kdenning at ksun.naitc.com
(708) 317-3285
Disclaimer: Contents represent opinions of the author; I do not speak for
AC Nielsen on Usenet.
More information about the Comp.unix.sysv386
mailing list