Re: Disturbing news..

From: Ben Ford (ben@kalifornia.com)
Date: Wed Mar 28 2001 - 06:57:44 EST


Simon Williams wrote:

> In message <20010328100440.A5941@zalem.puupuu.org>, Olivier Galibert
> <galibert@pobox.com> writes
>
>> On Wed, Mar 28, 2001 at 03:04:46PM +0100, Simon Williams wrote:
>>
>>> I think their point was that a program could only change permissions
>>> of a file that was owned by the same owner. If a file is owned by a
>>> different user & has no write permissions for any user, the program
>>> can't modify the file or it's permissions.
>>
>> You mean, you usually have write permissions for other than the owner
>> on executable files?
>>
>> Let me reformulate that. You usually have write permissions for other
>> than the owner, and not only on some special, untrusted log files (I'm
>> talking files, here, not device nodes)? What's your umask, 0?
>>
>
> Firstly, I'm relatively new to Linux (only about 3 yrs experience) &
> don't claim to be an expert. Secondly, I don't think I stated my point
> very clearly.
>
> No, I don't have write permissions set on an executable for any user
> other than the owner.
>
> What I meant was that if a file is owned by root with permissions of,
> say, 555 (r-xr-xr-x), not setuid or setgid, then another executable
> run as a non-root user cannot modify it or change the permissions to
> 7 (rwx).

There are two problems I see here. First, there are several known ways
to elevate privileges. If a virus can elevate privileges, then it owns
you. Second, this is a multi-OS virus. If you dual-boot into Windows,
any ELF files accessible can be infected. With this one, that isn't a
prob, but when somebody codes in an ext2 driver to their virus, then
we've got issues.

-b

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sat Mar 31 2001 - 21:00:19 EST