Path: utzoo!attcan!uunet!mcvax!ukc!warwick!cudcv
From: cudcv@warwick.ac.uk (Rob McMahon)
Newsgroups: comp.unix.wizards
Subject: Re: Re: The Internet Virus--Another issue
Message-ID: <66@titania.warwick.ac.uk>
Date: 10 Dec 88 21:45:00 GMT
References: <17849@glacier.STANFORD.EDU> <4470010@hpindda.HP.COM> <1026@ccnysci.UUCP> <6624@csli.STANFORD.EDU>
Reply-To: cudcv@warwick.ac.uk (Rob McMahon)
Organization: Computing Services, Warwick University, UK
Lines: 19

In article <6624@csli.STANFORD.EDU> wagenr@arisia.xerox.com (Juergen Wagner) writes:
>And if you're installing fingerd as setuid/setgid to nobody/nobody, you're
>pretty safe with these two guys, I think.

If you're using NFS where some remote accesses get done as nobody, I should
think hard about this, since your setuid program could be replaced by
anything, which will probably get run as root.  You should be okay if you
trust root on all the systems you export the filesystem to, but the idea of
nobody is that it has no privileges, and this seems to be breaking that idea.
If you've got an inetd.conf that takes a user to run the daemon as, I would
also be careful about using users with -ve uids, someone said this can cause
the daemon to get run as root when e.g. setuid(-2) fails (setuid expecting a
0 <= number < 2^16).

Rob
-- 
UUCP:   ...!mcvax!ukc!warwick!cudcv	PHONE:  +44 203 523037
JANET:  cudcv@uk.ac.warwick             ARPA:   cudcv@warwick.ac.uk
Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England