
SU: the mother of trojan horses

I consider the way SU is implemented in RedHat (and Indy) a serious
security problem:

Phase 1: You execute a program as a normal user.  That program, without
you knowing it, installs a copy of itself at $HOME/bin/ls and perhaps
modifies the .profile in order to ensure your ~/bin is at the front of
the path.

Phase 2: One day you SU to root.  Given that RedHat's root does not
reset the PATH, that means the trojan 'ls' will be executed, and it will
be with root access rights.

Caldera manages this by reinitializing the environment (by the way,
don't look at SU source code; the trick is in root's .bashrc and
.bashrc_profile).  This is not fully satisfactory because this means the
root shell will have /root as $HOME value, and when an X app is started
from the root shell it will not be looking at the right place for the
MIT cookie. Of course this is irrelevant because the $DISPLAY variable
has also been lost when the environment was reinitialized.

So either we fix the broken RedHat way to SU or we recommend that the
user do regular logins.

			Jean Francois Martinez

Project Independence: Linux for the Masses