Linux Advisory Watch – July 8, 2005

22

Author: Benjamin D. Thomas

This week, advisories were released for crip, Network Manager, HelixPlayer,
gedit, gzip, selinux, gnome, openssh, libwpd, openoffice, openssh, binutils,
totem, rgmanager, magma-plugins, iddev, fence, dlm, cman, css, GFS, mod_perl,
Heimdal, and sudo. The distributors include Debian, Fedora, Gentoo, and Red
Hat.Linux File & Directory Permissions Mistakes
By: Pax Dickinson

Greetings, gentle reader, and welcome to linuxsecurity.com and our new recurring
series of articles on security related mistakes and how to avoid them. I’m your
host, Pax Dickinson, and today we’ll be reviewing basic Linux file and directory
permissions and how to avoid some common pitfalls in their use, in this episode
of Hacks From Pax.

One common mistake Linux administrators make is having file and directory
permissions that are far too liberal and allow access beyond that which
is needed for proper system operations. A full explanation of unix file
permissions is beyond the scope of this article, so I’ll assume you are
familiar with the usage of such tools as chmod, chown, and chgrp. If you’d
like a refresher, one is available right here on linuxsecurity.com.

I’ve witnessed systems administrators whose response to a user complaining
about being denied access to a given file is to chmod 777 the file (or
entire directory tree) in question. This is an absolutely disastrous
security practice, the administrator has just granted write access to the
file to any user on the system. Any compromised service will allow an
attacker to modify the file, which could result in further access
depending on the file in question. For example, an attacker gaining
write access to a script that is occasionally run by root can parlay
this seemingly minor security hole into full root access for himself.

  • Never make files world-writable. Most files do not need to be world readable
    either.

  • You can search for world-writable files under your current directory by issuing
    the following command: find . -perm -2 -print

A related mistake is in the misuse of suid root binaries. These are
programs which can be launched by a user but run with all the privileges
of root. These programs are needed to perform tasks such as changing a
user’s password, since that requires a write to the system’s password
file which normally cannot be modified by anyone but root. A flaw that
allows an attacker to gain a shell prompt in such a program can give an
attacker root access to the system. These binaries should be carefully
limited and must be kept up to date with appropriate security patches
to minimize their risk. A common backdoor installed by successful
attackers is a copy of/bin/sh set suid root. This can be run by any
user on the system, without a password, and will result in full root
access.

Read Complete Article:
http://www.linuxsecurity.com/content/view/119415/4 9/

 

LinuxSecurity.com
Feature Extras:

Getting
to Know Linux Security: File Permissions
– Welcome to the first
tutorial in the ‘Getting to Know Linux Security’ series. The topic explored
is Linux file permissions. It offers an easy to follow explanation of how
to read permissions, and how to set them using chmod. This guide is intended
for users new to Linux security, therefore very simple. If the feedback is
good, I’ll consider creating more complex guides for advanced users. Please
let us know what you think and how these can be improved.

The
Tao of Network Security Monitoring: Beyond Intrusion Detection

– To be honest, this was one of the best books that I’ve read on network security.
Others books often dive so deeply into technical discussions, they fail to
provide any relevance to network engineers/administrators working in a corporate
environment. Budgets, deadlines, and flexibility are issues that we must all
address. The Tao of Network Security Monitoring is presented in such a way
that all of these are still relevant.

Encrypting
Shell Scripts
– Do you have scripts that contain sensitive information
like passwords and you pretty much depend on file permissions to keep it secure?
If so, then that type of security is good provided you keep your system secure
and some user doesn’t have a “ps -ef” loop running in an attempt to capture
that sensitive info (though some applications mask passwords in “ps” output).

 

Take advantage of our Linux Security discussion
list!
This mailing list is for general security-related questions and comments.
To subscribe send an e-mail to security-discuss-request@linuxsecurity.com
with “subscribe” as the subject.

Thank you for reading the LinuxSecurity.com
weekly security newsletter. The purpose of this document is to provide our readers
with a quick summary of each week’s most relevant Linux security headline
.


   Debian
  Debian: New crip packages fix insecure
temporary files
  30th, June, 2005

 
   Fedora
  Fedora Core 4 Update: NetworkManager-0.4-18.FC4
  24th, June, 2005

This update to NetworkManager includes a number of enhancements.

http://www.linuxsecurity.com/content/view/119413

 
  Fedora Core 3 Update: kernel-2.6.11-1.35_FC3
  24th, June, 2005

 
  Fedora Core 4 Update: HelixPlayer-1.0.5-1.fc4.2
  27th, June, 2005

 
  Fedora Core 3 Update: HelixPlayer-1.0.5-0.fc3.2
  27th, June, 2005

 
  Fedora Core 3 Update: gedit-2.8.1-2.fc3.1
  27th, June, 2005

An updated gedit package that fixes a file name format string
vulnerability is now available.

http://www.linuxsecurity.com/content/view/119419

 
  Fedora Core 4 Update: gedit-2.10.2-4
  27th, June, 2005

An updated gedit package that fixes a file name format string
vulnerability is now available.

http://www.linuxsecurity.com/content/view/119420

 
  Fedora Core 3 Update: gzip-1.3.3-15.fc3
  27th, June, 2005

In this gzip update there are fixed three small security problems.

http://www.linuxsecurity.com/content/view/119423

 
  Fedora Core 3 Update: selinux-policy-targeted-1.17.30-3.13
  27th, June, 2005

 
  Fedora Core 4 Update: gnome-panel-2.10.1-10.1
  28th, June, 2005

 
  Fedora Core 3 Update: openssh-3.9p1-8.0.2
  28th, June, 2005

This is a bug fix update fixing two bugs in ssh client and server
code..

http://www.linuxsecurity.com/content/view/119431

 
  Fedora Core 4 Update: libwpd-0.8.2-1.fc4
  29th, June, 2005

Better handle broken wordperfect documents

http://www.linuxsecurity.com/content/view/119437

 
  Fedora Core 4 Update: openoffice.org-1.9.112-1.1.0.fc4
  29th, June, 2005

 
  Fedora Core 3 Update: openssh-3.9p1-8.0.2
(corrected)
  29th, June, 2005

This is a bug fix update fixing two bugs in ssh client and server
code.

http://www.linuxsecurity.com/content/view/119439

 
  Fedora Core 3 Update: selinux-policy-targeted-1.17.30-3.15
  29th, June, 2005

 
  Fedora Core 4 Update: selinux-policy-targeted-1.23.18-17
  29th, June, 2005

 
  Fedora Core 3 Update: binutils-2.15.92.0.2-5.1
  29th, June, 2005

 
  Fedora Core 4 Update: binutils-2.15.94.0.2.2-2.1
  29th, June, 2005

 
  Fedora Core 4 Update: totem-1.0.4-1
  29th, June, 2005

 
  Fedora Core 4 Update: rgmanager-1.9.34-5
  29th, June, 2005

 
  Fedora Core 4 Update: magma-plugins-1.0.0-2
  29th, June, 2005

 
  Fedora Core 4 Update: iddev-2.0.0-1
  29th, June, 2005

 
  Fedora Core 4 Update: magma-1.0.0-1
  29th, June, 2005

 
  Fedora Core 4 Update: gulm-1.0.0-2
  29th, June, 2005

 
  Fedora Core 4 Update: fence-1.32.1-1
  29th, June, 2005

 
  Fedora Core 4 Update: dlm-1.0.0-3
  29th, June, 2005

 
  Fedora Core 4 Update: cman-1.0.0-1
  29th, June, 2005

 
  Fedora Core 4 Update: ccs-1.0.0-1
  29th, June, 2005

 
  Fedora Core 4 Update: GFS-6.1.0-3
  29th, June, 2005

 
  Fedora Core 4 Update: mod_perl-2.0.1-1.fc4
  29th, June, 2005

So FC4 will no longer depend on a pre-release…

http://www.linuxsecurity.com/content/view/119455

 
   Gentoo
  Gentoo: Clam AntiVirus Denial of Service
vulnerability
  27th, June, 2005

Clam AntiVirus is vulnerable to a Denial of Service attack when
processing certain Quantum archives.

http://www.linuxsecurity.com/content/view/119421

 
  Gentoo: Heimdal Buffer overflow vulnerabilities
  29th, June, 2005

Multiple buffer overflow vulnerabilities in Heimdal’s telnetd
server could allow the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/119434

 
   Red
Hat
  RedHat: Moderate: sudo security update
  29th, June, 2005

An updated sudo package is available that fixes a race condition
in sudo’s pathname validation. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/119436