Message-ID: <20021012094123.GA17597@openwall.com>
Date: Sat, 12 Oct 2002 13:41:23 +0400
From: Solar Designer <solar@...nwall.com>
To: "John E. Davis" <davis@...ce.mit.edu>
Cc: security-audit@...ret.lmh.ox.ac.uk, xvendor@...ts.openwall.com
Subject: slang 1.4.6 Owl patches

John,

Attached to this message are two patches and the RPM spec file from our S-Lang package in Owl (http://www.openwall.com/Owl/).

I did a review of the library code for environment variable uses and restricted those which would be unsafe in SUID/SGID programs, in a glibc-specific way. While I think that it's an extremely bad idea to use slang in this way, I also feel that as a distribution providing the library we're somewhat responsible for the consequences of such misuses. Hence the patch.

If you choose to make a similar change to the official slang, the references to __secure_getenv() and __libc_enable_secure need to be replaced with similar slang-internal interfaces which would rely on:

1. issetugid(2) where available (*BSD);
2. __libc_enable_secure on glibc;
3. getuid() != geteuid() || getgid() != getegid() first time, cached result afterwards.

The third possibility isn't as secure as the first two because it is possible that the program has started as SUID/SGID and possesses access to a privileged resource (open files, data in address space), but has already relinquished its privileged effective IDs so that's not detected.

Oh, by the way, it'd be nice to allow for specifying ELF_CFLAGS without having to patch the configure script.

--
/sd

View attachment "slang-1.4.6-owl-fixes.diff" of type "text/plain" (7457 bytes)
View attachment "slang-1.4.6-owl-tmp.diff" of type "text/plain" (1300 bytes)
View attachment "slang.spec" of type "text/plain" (2682 bytes)
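
The three-tier check described in the message, sketched as an added example; it is not code from the attached patches or from S-Lang. The `sl_*` names and `SL_DEMO_VAR` are hypothetical, and on Linux `getauxval(AT_SECURE)` is used as a stand-in for reading `__libc_enable_secure` directly.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/auxv.h>   /* getauxval(), AT_SECURE */
#endif

/* Nonzero if the process was started SUID/SGID. The answer is computed on
 * first use and cached, so a later drop of effective IDs cannot change it. */
int sl_running_privileged(void)
{
    static int cached = -1;
    if (cached != -1)
        return cached;
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__APPLE__)
    cached = issetugid() != 0;              /* option 1: issetugid(2) */
#elif defined(__linux__)
    cached = getauxval(AT_SECURE) != 0;     /* option 2: libc secure-exec flag */
#else
    cached = getuid() != geteuid() || getgid() != getegid();  /* option 3 */
#endif
    return cached;
}

/* Policy kept separate from detection so both branches can be tested. */
const char *sl_getenv_policy(const char *name, int privileged)
{
    if (privileged)
        return NULL;        /* treat the variable as unset */
    return getenv(name);
}

/* Drop-in replacement for getenv() in library code (hypothetical name). */
const char *sl_secure_getenv(const char *name)
{
    return sl_getenv_policy(name, sl_running_privileged());
}

int main(void)
{
    setenv("SL_DEMO_VAR", "constructed-value", 1);  /* constructed sample input */
    const char *v = sl_secure_getenv("SL_DEMO_VAR");
    printf("privileged=%d SL_DEMO_VAR=%s\n",
           sl_running_privileged(), v ? v : "(ignored)");
    return 0;
}
```

Option 3 only gives a useful answer if the first call happens before the program changes its IDs, which a library cannot guarantee; that is the weakness the message points out.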