[rt-devel] security hole in RT's setuid handling
Jesse
jesse at fsck.com
Fri Aug 25 16:22:04 EDT 2000
Ok. I've talked to folks and it is in fact a bug that we're not clobbering
BASH_ENV. However, I have it on decent authority that LD_PRELOAD is
going to be ignored on a setuid binary anyway.
BASH_ENV will be fixed in 1.0.5.
On Tue, Aug 22, 2000 at 04:51:22PM -0400, Daniel Hagerty wrote:
> After having a fresh RT install print the following at me, I
> investigated:
>
> Insecure $ENV{BASH_ENV} while running setuid at /opt/rt/lib/rt/support/mail.pm line 137.
>
> The setuid wrapper for RT doesn't do any environment cleansing.
> Hostile users can pass in LD_PRELOAD and the like to perform arbitrary
> operations as the RT user.
--
jesse reed vincent --- root at eruditorum.org --- jesse at fsck.com
pgp keyprint: 50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
-------------------------------------------------------------
<Dr_Memory> the point is that words were exchanged. neurolinguistic
programming will do the rest. they should be showing up at my house
any day now.
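
The environment cleansing discussed in this thread, sketched as an added example; it is not part of the original messages and is not RT's wrapper code. It goes beyond unsetting BASH_ENV alone and builds the child environment from an allowlist, so variables nobody thought of are dropped as well. TARGET, the fixed PATH, the allowlist contents and the helper names are assumptions chosen for illustration.

```c
/* Added example: allowlist-based environment scrubbing for a setuid wrapper. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TARGET "/path/to/real/program"  /* placeholder, not RT's real path */
#define MAX_ENV 16

/* Assumed allowlist: only these names are copied from the caller. */
static const char *const ALLOWED[] = { "TZ", "LANG", NULL };

/* Return the first "NAME=value" entry in env[] for NAME, or NULL. */
static char *find_var(char *const env[], const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; env != NULL && env[i] != NULL; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=')
            return env[i];
    return NULL;
}

/* Fill out[] with a fixed PATH plus the first allowlisted entries of in[].
 * BASH_ENV, LD_PRELOAD and anything else unlisted never reach out[]. */
static size_t build_clean_env(char *const in[], char *out[], size_t cap)
{
    static char fixed_path[] = "PATH=/usr/bin:/bin";
    size_t n = 0;
    if (cap == 0) return 0;
    if (cap > 1) out[n++] = fixed_path;
    for (size_t i = 0; ALLOWED[i] != NULL && n + 1 < cap; i++) {
        char *e = find_var(in, ALLOWED[i]);
        if (e != NULL)
            out[n++] = e;
    }
    out[n] = NULL;
    return n;
}

extern char **environ;

int main(int argc, char *argv[])
{
    char *clean[MAX_ENV];
    (void)argc;
    build_clean_env(environ, clean, MAX_ENV);
    execve(TARGET, argv, clean);        /* returns only on failure */
    perror("execve");
    return 127;
}
```

The values of allowlisted variables are passed through unchanged; a wrapper that needs stricter guarantees would validate or hard-code those too.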