TUCoPS :: Antique Systems :: ciac-b1.txt

Security Problem on the NeXT Operating System



        _____________________________________________________

              The Computer Incident Advisory Capability

                         ___  __ __    _     ___

                        /       |     / \   /

                        \___  __|__  /___\  \___

        _____________________________________________________

                        Informational Bulletin                                 



             Security Problem on the NeXT Operating System 



October 5, 1990, 0800 PST                                  Number B-1



CIAC has been informed of a series of security problems in the NeXT

operating system that are now becoming well known.  If your site

operates NeXT machines, CIAC recommends that you follow the procedures

below to secure these systems against attack.  The information

contained in this message has been provided by David Besemer, NeXT

Computer, Inc. and from the Computer Emergency Response Team (CERT).

The following describes four potential security problems and NeXT

Computer's recommended solutions and known system impact.



Problem 1.  DESCRIPTION:  On Release 1.0 and 1.0a, a script exists in

/usr/etc/restore0.9 that is a setuid shell script.  The existence of

this script is a potential security problem.



IMPACT:  The script is only needed during the installation process and

isn't needed for normal usage.  It is possible for any logged in user

to gain root access.



SOLUTION:  NeXT owners running Release 1.0 or 1.0a should remove the

file /usr/etc/restore0.9 from all disks.  This file is installed by the

"BuildDisk" application, so it should be removed from all systems built

with the standard release disk, as well as from the standard release

disk itself (which will prevent the file from being installed on

systems built with the standard release disk in the future).  You must

be root to remove this script, and the command that will remove the

script is the following:



        # /bin/rm /usr/etc/restore0.9



Problem 2.  

DESCRIPTION:  On NeXT computers running Release 1.0 or 1.0a that also

have publicly accessible printers, users can gain  extra permissions

via a combination of bugs.



IMPACT: Computer intruders are able to exploit this security problem to

gain access to the system. Intruders, local users and remote users are

able to gain root access.



SOLUTION:  NeXT computer owners running Release 1.0 or 1.0a should do

two things to fix a potential security problem. First, the binary

/usr/lib/NextPrinter/npd must be replaced with a more secure version.

This more secure version of npd is available through your NeXT support

center.  You may contact this support center using electronic mail to:

ask_next@NeXT.com.  This patched npd is also available by anonymous FTP

on the nodes nova.cc.purdue.edu, umd5.umd.edu, and cs.orst.edu.  You

may also contact CIAC for help in obtaining this patch.  Upon receiving

a copy of the more secure npd, you must become root and install it in

place of the old one in /usr/lib/NextPrinter/npd.  The new npd binary

needs to be installed with the same permission bits (6755) and owner

(root) as the old npd binary.  The commands to install the new npd

binary are the following:



# /bin/mv /usr/lib/NextPrinter/npd /usr/lib/NextPrinter/npd.old 

# /bin/mv newnpd /usr/lib/NextPrinter/npd 



(In the above command, "newnpd" is the npd binary that you obtained

from your NeXT support center.)



# /etc/chown root /usr/lib/NextPrinter/npd 

# /etc/chmod 6755 /usr/lib/NextPrinter/npd

# /etc/chmod 440 /usr/lib/NextPrinter/npd.old 



The second half of the fix to this potential problem is to change the

permissions of directories on the system that are currently owned and

able to be written by group "wheel".  The command that will remove

write permission for directories owned and writable by group "wheel" is

below.  This command is all one line, and should be run as root.



# find / -group wheel ! -type l -perm -20 ! -perm -2 -ls -exec chmod

g-w {} \; -o -fstype nfs -prune





Problem 3.

DESCRIPTION: On NeXT computers running any release of the system

software, public access to the window server may be a potential

security problem.The default in Release 1.0 or 1.0a is correctly set so

that public access to the window server is not available.  It is

possible, when upgrading from a prior release, that the old

configuration files will be reused.  These old configuration files

could possibly enable public access to the window server.



IMPACT: This security problem will enable an intruder to gain access to

the system.



SOLUTION: If public access isn't needed, it should be disabled.



1. Launch the Preferences application, which is located in /NextApps 2.

Select the UNIX panel by pressing the button with the UNIX certificate

on it.



3. If the box next to Public Window Server contains a check, click on

the box to remove the check.



Problem 4.

DESCRIPTION: On NeXT computers running any release of the system

software, the "BuildDisk" application is executable by all users.



IMPACT: Allows a user to gain root access.



SOLUTION: Change the permissions on the "BuildDisk" application

allowing only root to execute it.  This can be accomplished with the

command:



# chmod 4700 /NextApps/BuildDisk



To remove "BuildDisk" from the default icon dock for new users, do the

following:



1. Create a new user account using the UserManager application. 

2. Log into the machine as that new user. 

3. Remove the BuildDisk application from the Application Dock by 

   dragging it out. 

4. Log out of the new account and log back in as root. 

5. Copy the file in ~newuser/.NeXT/.dock to 



   /usr/template/user/.NeXT/.dock



   (where ~newuser is the home directory of the new user account) 



6. Set the protections appropriately using the following command:  



        # chmod 555 /usr/template/user/.NeXT/.dock 



7. If you wish, with UserManager, remove the user account that you 

   created in step 1.



In release 2.0, the BuildDisk application will prompt for the root

password if it is run by a normal user.



NeXT has also reported that these potential problems have been fixed in

NeXT's Release 2.0, which will be available in November, 1990.  For

additional information or assistance, please contact CIAC or your NeXT

support center.



        Tom Longstaff

        (415) 423-4416 or (FTS) 543-4416

or

        David Brown

        (415) 423-9878 or (FTS) 543-9878



        FAX:  (415) 423-0913 or (FTS) 543-0913 

 

or send e-mail to:



        ciac@tiger.llnl.gov



Thanks to Corey Satten and Scott Dickson for discovering, documenting,

and helping resolve these problems.



Neither the United States Government nor the University of California

nor any of their employees, makes any warranty, expressed or implied,

or assumes any legal liability or responsibility for the accuracy,

completeness, or usefulness of any information, product, or process

disclosed, or represents that its use would not infringe privately

owned rights.  Reference herein to any specific commercial products,

process, or service by trade name, trademark manufacturer, or

otherwise, does not necessarily constitute or imply its endorsement,

recommendation, or favoring by the United States Government or the

University of California.  The views and opinions of authors expressed

herein do not necessarily state or reflect those of the United States

Government nor the University of California, and shall not be used for

advertising or product endorsement purposes.





TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH