Re: Permission policy

[ruud@ruud.org (Ruud de Rooij)]

Radovan Garabik <garabik@melkor.dnp.fmph.uniba.sk> writes:

> On Thu, Mar 16, 2000 at 01:43:22AM +0100, Bernd Eckenfels wrote:
> > BTW: there is a idea for settig groups for console access to devices
> > like cdrom, floppy, sound, mic, cam... so each user who logs into the
> > sonsole will get added to that groups, then your program does not need to be
> > sgid anyrthing, which is bad anyway since everybody even on networked
> > terminal could start it.
> 
> I am by setting all linux installations this way:
> I add this line to /etc/security/group.conf:
> login;tty?|tty??&!ttyp*;*;Al0000-2400;floppy, audio
> and configure pam to use it.

This has a trivial "attack".  Once someone logs in to the console, he
is a member of the floppy group, therefore he can do the following:

cp /bin/sh ~
chgrp floppy ~/sh
chmod g+s ~/sh

And later when he logs in through the network, he simply runs

~/sh

to regain access to the floppy group.

(of course, this attack can be prevented using mount options to
disable setgid executables on all filesystems where users have write
access)

	- Ruud de Rooij.
-- 
ruud de rooij | *@spam.ruud.org | http://ruud.org