Hi,
When php3 module is compiled in apache, files in any directory will
be interpreted by the parser and executed. This is a security breach.
There is a way to correct this? Any comments?
Thanks,
lacj
---
<levy@null.net>
Levy Carneiro Jr.
Linux & Network Admin
From mail@mail.redhat.com Sat May 8 02:32:02 1999
From: jlewis@lewis.org
Date: Fri, 7 May 1999 12:01:50 -0400 (EDT)
X-Sender: jlewis@redhat1.mmaero.com
To: Gregory A Lundberg <lundberg@vr.net>
cc: Lisa L Berdeja <lberdeja@2xtreme.net>, wu-ftpd@wugate.wustl.edu,
bugs@redhat.com, linux-security@redhat.com
Subject: Re: Redhat Linux 6.0 Problem
In-Reply-To: <Pine.LNX.4.04.9905071137130.14885-100000@redhat1.mmaero.com>
Message-ID: <Pine.LNX.4.04.9905071158110.14885-100000@redhat1.mmaero.com>
On Fri, 7 May 1999 jlewis@lewis.org wrote:
> # ldd ./ls
> /lib/libNoVersion.so.1 => /lib/libNoVersion.so.1 (0x40014000)
> libc.so.6 => /lib/libc.so.6 (0x4001c000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
>
> I've never heard of libNoVersion. All the /home/ftp/bin stuff in 6.0 uses
> it...but it doesn't exist. Perhaps that's got something to do with
> it...but it's odd that the programs work when I chroot there and run them.
>
> > Oh, and are you using symlinks? If so, there's your problem. Symlinks
>
> No symlinks except for zcat -> gzip. This is a standard Red Hat
> installation. It looks like they just screwed up the wu-ftpd package and
> will probably issue an update sometime soon. For me, this isn't a huge
> issue. I'm not using RH 6.0 on production servers yet. I like to wait a
> few weeks after new releases and see how much stuff they broke and then
> either wait for the updates or use the source.
I just noticed another really weird thing. For some reason the anonftp
package on Red Hat (at least 5.2 and 6.0) that includes the libs and bins
needed for wu-ftpd to work for anonymous FTP includes what seems to be a
copy of /bin/ash as /home/ftp/bin/sh. Why the heck would they include a
bourne shell in the anon bin directory?
----don't waste your cpu, crack rc5...www.distributed.net team enzo---
Jon Lewis *jlewis@lewis.org*| Spammers will be winnuked or
System Administrator | nestea'd...whatever it takes
Atlantic Net | to get the job done.
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________
From mail@mail.redhat.com Sat May 8 02:48:48 1999
Message-Id: <199905080639.IAA00377@cave.BitWizard.nl>
Subject: Re: Redhat Linux 6.0 Problem
In-Reply-To: <Pine.LNX.4.04.9905071158110.14885-100000@redhat1.mmaero.com>
from "jlewis@lewis.org" at "May 7, 99 12:01:50 pm"
To: jlewis@lewis.org
Date: Sat, 8 May 1999 08:39:12 +0200 (MEST)
Cc: lundberg@vr.net, lberdeja@2xtreme.net, wu-ftpd@wugate.wustl.edu,
bugs@redhat.com, linux-security@redhat.com
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
jlewis@lewis.org wrote:
> I just noticed another really weird thing. For some reason the anonftp
> package on Red Hat (at least 5.2 and 6.0) that includes the libs and bins
> needed for wu-ftpd to work for anonymous FTP includes what seems to be a
> copy of /bin/ash as /home/ftp/bin/sh. Why the heck would they include a
> bourne shell in the anon bin directory?
I've done "dir patch*" to get a listing of all the patches at
ftp.kernel.org.
The "*" expansion is something a shell does. My guess is that they
didn't want to duplicate the wildcard expansion into wu-ftpd.
Note that a shell doesn't have any special privileges. So, indeed for
convenience, exploits regularly do 'exec ("/bin/sh")', but in fact

    while (1) {
        read (0, buf, 1024);
        if (fork ()) exit (exec (buf));
        wait (...);
    }

is a simple shell-substitute, and short enough to be carried in an
exploit of a few hundred bytes.
Regards,
Roger Wolff.
--
** R.E.Wolff@BitWizard.nl ** http://www.BitWizard.nl/ ** +31-15-2137555 **
*-- BitWizard writes Linux device drivers for any device you may have! --*
------ Microsoft SELLS you Windows, Linux GIVES you the whole house ------
From mail@mail.redhat.com Sat May 8 03:11:09 1999
Message-ID: <19990508085745.A8798@elektrobarde.klammeraffe.org>
Date: Sat, 8 May 1999 08:57:45 +0200
From: mat -filid brandy <brandy@klammeraffe.org>
To: "Levy Carneiro Jr." <levy@null.net>
Cc: linux-security@redhat.com
Subject: [linux-security] Re: php3 module and security
References: <Pine.LNX.4.10.9905071912500.2891-100000@slave.fractal.com.br>
In-Reply-To:
<Pine.LNX.4.10.9905071912500.2891-100000@slave.fractal.com.br>; from Levy
Carneiro Jr. on Fri, May 07, 1999 at 07:19:19PM -0300
Slan,
On Fri, May 07, 1999 at 07:19:19PM -0300, Levy Carneiro Jr. wrote:
> When php3 module is compiled in apache, files in any directory will
> be interpreted by the parser and executed. This is a security breach.
> There is a way to correct this? Any comments?
Read the SAFEMODE part of php3 !!!
Slainte agus saol agat,
-mat-
--
-mat- filid brandy brandy@klammeraffe.org MB210-RIPE
-mat- brandy <http://www.klammeraffe.org/~brandy/>
PGP PUBLIC KEY CODE via finger
From mail@mail.redhat.com Sun May 9 06:38:15 1999
Date: Sat, 8 May 1999 23:46:40 -0400 (EDT)
From: Andrew McRory <amacc@mailer.org>
X-Sender: amacc@ns1.mailer.org
To: linux-security@redhat.com
cc: bugtraq@netspace.org
Subject: OpenLinux 2.2: LISA install leaves root access without password
Message-ID: <Pine.LNX.4.02.9905082300390.13930-100000@ns1.mailer.org>
Hello,
I believe I've found a bug in the installation process of OpenLinux 2.2
when using the LISA boot disk. During the installation a temporary passwd
file is put on the new file system containing the user "help" set uid=0
gid=0 and no password. Once you are prompted to set the root password and
default user password a new passwd and shadow file is created yet the help
user is left in the shadow file with, you guessed it, no password... Here
are the offending entries:
/etc/passwd
help:x:0:0:install help user:/:/bin/bash
/etc/shadow
help::10709:0:365:7:7::
Anyone who installed OpenLinux 2.2 using the LISA boot disk should check
their password file now ;-)
I found this using a cdrom I made from a mirror of the mirror at
ftp.tux.org. Just to make sure I wasn't mixed up I redownloaded the
install.144 file from ftp.calderasystems.com and tried again. Same thing.
The install disk is version 137 dated 26Mar99 (displayed on the boot
message).
I wrote Caldera a message late in the day Friday regarding this bug but
haven't heard back from anyone. I've tried to resist posting this until I
hear back but I really feel people should know now!!
PS: I'm not sure if Lizard, the graphical installation method, has this
problem. It crashes before it does much here.... that's why I tried LISA.
Thanks,
Andrew McRory - amacc@linuxsys.com ***********************************
Linux Systems Engineers / The PC Doctors *
3009-C West Tharpe Street - Tallahassee, FL 32303 *
Voice 850.575.7213 ***************************************************
From mail@mail.redhat.com Sun May 9 16:46:31 1999
Message-ID: <19990509151509.B7469@lst.de>
Date: Sun, 9 May 1999 15:15:09 +0200
From: Ralf Flaxa <rf@caldera.de>
To: Andrew McRory <amacc@mailer.org>, linux-security@redhat.com
Cc: bugtraq@netspace.org, Ralf Flaxa <rf@caldera.de>
Subject: [linux-security] Re: OpenLinux 2.2: LISA install leaves root access
without password
Reply-To: Ralf Flaxa <rf@caldera.de>
References: <Pine.LNX.4.02.9905082300390.13930-100000@ns1.mailer.org>
In-Reply-To: <Pine.LNX.4.02.9905082300390.13930-100000@ns1.mailer.org>;
from Andrew McRory on Sat, May 08, 1999 at 11:46:40PM -0400
Organization: Caldera (Deutschland) GmbH
X-PGP-fingerprint: 6D 02 48 48 87 9C 6A 9C 30 A8 4D 15 AC CA 96 10
Hi Andrew,
We are currently checking whether this is an FTP-version-only
phenomenon or not.
In any case we will make new (old style) LISA images available
this afternoon (MET). Watch for the 138 images. I'll post a
follow-up to this mail when they are available.
Note that *only* the LISA (old style) install is affected.
The lizard (new style, graphical) install is not affected.
To avoid confusion - old style images carry 1xx numbers,
new style images carry 2xx numbers.
If you had to use the old style images, the quick fix
is to remove (after installation) the lines starting with
"help" from /etc/passwd and /etc/shadow.
Until later
Ralf
On Sat, May 08, 1999 at 11:46:40PM -0400, Andrew McRory wrote:
>
> Hello,
>
> I believe I've found a bug in the installation process of OpenLinux 2.2
> when using the LISA boot disk. During the installation a temporary passwd
> file is put on the new file system containing the user "help" set uid=0
> gid=0 and no password. Once you are prompted to set the root password and
> default user password a new passwd and shadow file is created yet the help
> user is left in the shadow file with, you guessed it, no password... Here
> are the offending entries:
>
> /etc/passwd
> help:x:0:0:install help user:/:/bin/bash
>
> /etc/shadow
> help::10709:0:365:7:7::
>
> Anyone who installed OpenLinux 2.2 using the LISA boot disk should check
> their password file now ;-)
>
> I found this using a cdrom I made from a mirror of the mirror at
> ftp.tux.org. Just to make sure I wasn't mixed up I redownloaded the
> install.144 file from ftp.calderasystems.com and tried again. Same thing.
> The install disk is version 137 dated 26Mar99 (displayed on the boot
> message).
>
> I wrote Caldera a message late in the day Friday regarding this bug but
> haven't heard back from anyone. I've tried to resist posting this until I
> hear back but I really feel people should know now!!
>
> PS: I'm not sure if Lizard, the graphical installation method, has this
> problem. It crashes before it does much here.... that's why I tried LISA.
>
> Thanks,
>
>
>
> Andrew McRory - amacc@linuxsys.com ***********************************
> Linux Systems Engineers / The PC Doctors *
> 3009-C West Tharpe Street - Tallahassee, FL 32303 *
> Voice 850.575.7213 ***************************************************
--
_____ ___
/ __/____/ / Caldera (Deutschland) GmbH
/ /_/ __ / /__ Lazarettstr. 8, 91054 Erlangen
/_____//_/ /____/ Dipl. Inf. Ralf Flaxa, email: rf@caldera.de
==== /_____/ ====== phone: ++49 9131 8978-23, fax: ++49 9131 8978-22
Caldera OpenLinux PGP: 6D 02 48 48 87 9C 6A 9C 30 A8 4D 15 AC CA 96 10
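
The check the report asks installers to make, as an added example (not part of the original thread and not Caldera's code): a POSIX shell audit that flags non-root uid-0 accounts and uid-0 accounts whose password field is empty. The function names and the root and alice sample lines are constructed for illustration; the two help lines are the entries quoted in the report.

```shell
#!/bin/sh
# Added example: audit passwd/shadow files for uid-0 accounts without a password.

# Names of accounts other than root that have uid 0.
extra_uid0_accounts() {            # $1 = passwd file
    awk -F: 'NF >= 7 && $1 != "root" && $3 ~ /^0+$/ { print $1 }' "$1"
}

# Names of uid-0 accounts whose effective password field is empty.
# A passwd field of "x" means the real field lives in the shadow file.
passwordless_uid0_accounts() {     # $1 = passwd file, $2 = shadow file
    awk -F: '
        FILENAME == ARGV[1] { if (NF >= 2) { pw[$1] = $2; has[$1] = 1 }; next }
        NF >= 7 && $3 ~ /^0+$/ {
            field = $2
            if (field == "x" && has[$1]) field = pw[$1]
            if (field == "") print $1
        }
    ' "$2" "$1"
}

# Print findings; return 1 if anything was found, 0 if the files are clean.
audit() {                          # $1 = passwd file, $2 = shadow file
    status=0
    for name in $(extra_uid0_accounts "$1"); do
        echo "WARN: $name has uid 0 but is not root"; status=1
    done
    for name in $(passwordless_uid0_accounts "$1" "$2"); do
        echo "CRIT: $name has uid 0 and an empty password field"; status=1
    done
    return $status
}

# Write constructed sample files into directory $1. The two "help" lines are
# the entries quoted in the report; the other lines are made up for the demo.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
help:x:0:0:install help user:/:/bin/bash
alice:x:500:500:Alice:/home/alice:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$constructed$notarealhash:10709:0:365:7:7::
help::10709:0:365:7:7::
alice:!!:10709:0:365:7:7::
EOF
}

# Demo run against the constructed sample; on a real system pass
# /etc/passwd and /etc/shadow to audit (reading shadow requires root).
tmp=$(mktemp -d)
write_sample "$tmp"
audit "$tmp/passwd" "$tmp/shadow" || echo "findings above need attention"
rm -rf "$tmp"
```

After the quick fix described in the reply (removing the lines starting with "help" from both files), audit prints nothing and returns 0.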