[rt-devel] security hole in RT's setuid handling
Jesse
jesse at fsck.com
Tue Aug 22 19:04:58 EDT 2000
Folks,
I'm stuck in the wilds of Connecticut until tomorrow evening. If
anyone has a bit of spare time to start to research and put together
a patch for or replacement of the setuid script to deal with the issue
Daniel reported, I'd appreciate it greatly. I'd very much like to get
this fixed in the next few days and get a fix out by the end of the weekend.
Thanks,
Jesse
On Tue, Aug 22, 2000 at 04:51:22PM -0400, Daniel Hagerty wrote:
> After having a fresh RT install print the following at me, I
> investigated:
>
> Insecure $ENV{BASH_ENV} while running setuid at /opt/rt/lib/rt/support/mail.pm line 137.
>
>
>
> The setuid wrapper for RT doesn't do any environment cleansing.
> Hostile users can pass in LD_PRELOAD and the like to perform arbitrary
> operations as the RT user.
>
>
> _______________________________________________
> Rt-devel mailing list
> Rt-devel at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-devel
>
--
jesse reed vincent --- root at eruditorum.org --- jesse at fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
-------------------------------------------------------------
As I sit here alone looking at green text on a laptop in a mostly bare room listening
to loud music wearing all black, I realize that that it is much less cool in real life :)
--Richard Tibbets
More information about the Rt-devel
mailing list