TUCoPS :: SunOS/Solaris :: 64.txt

Security problem in Sun3 and Sun4 unix-restore


**********************************************************************
DDN MGT Bulletin 64              DCA DDN Defense Communications System
08 Aug 89                        Published by: DDN Network Info Center
                                     (NIC@NIC.DDN.MIL)  (800) 235-3155
 
                        DEFENSE  DATA  NETWORK
                         MANAGEMENT  BULLETIN
 
The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network
Information Center under DCA contract as a means of communicating
official policy, procedures and other information of concern to
management personnel at DDN facilities.  Back issues may be read
through the TACNEWS server ("@n" command at the TAC) or may be
obtained by FTP (or Kermit) from the SRI-NIC host [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest".  The pathname
for bulletins is DDN-NEWS:DDN-MGT-BULLETIN-nn.TXT (where "nn" is the
bulletin number).
 
**********************************************************************
 
           SECURITY PROBLEM IN SUN3 AND SUN4 UNIX - RESTORE
 
 APPLICABLE OPERATING SYSTEM: UNIX 4.0, 4.01, 4.03 running on Sun3 and
                              Sun4 machines.
 
  PROBLEM: A serious security problem has been discovered in SunOS
           restore.  The problem occurs because restore is setuid to
           root.  Without going into details, is sufficient to say
           that this is a serious hole.  All SunOS 4.0 installations
           should install one of the two workarounds described below.
 
           The first is preferred as it makes restore unexecutable by
           ordinary users, but this workaround makes it impossible to
           restore via a remote tape drive.  If you need to restore in
           this way, the second workaround will limit the use of restore
           to a select group.
 
WORKAROUND(1): Make restore non-setuid by becoming root and doing a

               chmod 750 /usr/etc/restore
 
           This makes restore non-setuid and unreadable and
           unexecutable by ordinary users.
 
           Making restore non-setuid affects the restore command
           using a remote tape drive.  You will no longer be able to
           run a restore from another machine as an ordinary user;
           instead, you'll have be root to do so.  (The reason for
           this is that the remote tape drive daemon on the machine
           with the tape drive expects a request on a TCP privileged
           port.  Under SunOS, you can't get a privileged port unless
           you are root.  By making restore non-setuid, when you run
           restore and request a remote tape drive, restore won't be
           able to get a privileged port, so the remote tape drive
           daemon won't talk to it.)
 
 
WORKAROUND(2): If you do need to have some users run restore from
           remote tape drives without being root, you can use the
           following workaround.
 
               cd /usr/etc
               chgrp operator restore
               chmod 4550 restore
 
           This allows the use of restore by some trusted group.
           In this case, we used the group 'operator', but you may
           substitute any other group that you trust with access
           to the tape drive.  Thus, restore is still setuid and
           vulnerable, but only to the people in the trusted group.
 
           The 4550 makes restore readable and executable by the group
           you specified, and unreadable by everyone else.
 
 
 CONTACTS: Call your Sun customer support representative if you have
           any questions.  Refer to this problem by Sun's bug number
           1019265.  If you have difficulty reaching your
           representative, call the Sun Hotline at
 
           (800) USA-4SUN   or (800) 872-4786
 
           Call CERT at (412) 268-7090  for general problem information.
           Call SRI/NIC at 1-800-235-3155 for general information.
 
 
  NOTE(1): This bulletin represents the best information available
           at this time on this problem.  As with any system
           modification, WORK WITH YOUR SUN REPRESENTATIVE.
 
  NOTE(2): Only those sites that run SunOS 4.0, 4.0.1, and 4.0.3 are
           affected.  It does not appear in SunOS 3.5.
 
  NOTE(3): A user does need to have an existing account to exploit
           this hole; however, `GUEST' is sufficient.



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH