REPOST: Re: Linux and security

Jan Kasprzak kas na informatics.muni.cz
Friday March 20 15:53:30 CET 1998


	The listserver bounced this back to me - sending it again.

-Yenya

From: "Petr Kolar" <PETR.KOLAR na vslib.cz>
Organization:  Technical University of Liberec
To: linux na muni.cz
Date:          Fri, 20 Mar 1998 10:47:46 MET-1EET
Subject:       Re: Linux and security
Priority: normal
X-mailer: Pegasus Mail v3.40
Message-ID: <286B32E0066 na tyto.vslib.cz>

The directories /tmp, /var/tmp, /usr/tmp ... without the sticky bit are probably
present on all SunOS releases including 4.x (given that a security certification
is a somewhat different thing, I wouldn't be surprised if it were the same even
on the "secure" SunOS variants ;-), and I don't think SunOS is the only one...

But so that this isn't entirely off-topic: the directories for the sockets used
to talk to the local X server (/tmp/.X11-unix, or /tmp/.NeWS-unix) quite often
also have mode 777 - that could probably be abused as well. What is the correct
setting? Also 1777 and owner root?

And one more thing. Certainly not everyone on this list is subscribed to
bugtraq and not everyone reads www.redhat.com (because they may run a different
Linux), but here and there somebody uses X. There is a cute hole that allows a
local user of a machine with an X server installed to obtain root privileges.
Here is the fix for it. On machines that serve as a server for several users,
however, it is better not to have an X server at all. I believe it is similar
with DOSEMU.

===========================================================================
              AUSCERT External Security Bulletin Redistribution

                    ESB-98.018 -- Red Hat Linux Bulletin
                           X server security holes
                               5 February 1998
===========================================================================

Red Hat Software, Inc. has released the following advisory concerning
several vulnerabilities in the X server.  These problems affect all Red
Hat Linux platforms and versions.

The following security bulletin is provided as a service to AUSCERT's
members.  As AUSCERT did not write this document, AUSCERT has had no
control over its content.  As such, the decision to use any or all of this
information is the responsibility of each user or organisation, and should
be done so in accordance with site policies and procedures.

NOTE: This is only the original release of the security bulletin.  It will
not be updated when the original bulletin is.  If downloading at a later
date, it is recommended that the bulletin is retrieved from the original
authors to ensure that the information is still current.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/Information/advisories.html

If you believe that your system has been compromised, contact AUSCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).

Internet Email: auscert na auscert.org.au
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AUSCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for emergencies.
Facsimile:      (07) 3365 7031


--------------------------BEGIN INCLUDED TEXT--------------------


Various problems have been found in the X server which makes it a serious
threat to system security. All versions of the X server, including Metro X
and Accelerated X, are thought to be affected (only XFree86 and the MIT X 
reference implementation are *known* to be, however).  This problem affects
all Red Hat Linux platforms and versions.

Currently, no new X servers are available. Instead, Red Hat recommends
removing the special permissions from the X server binary (the setuid
bit), and using a wrapper program which is now on ftp.redhat.com. To do
this, follow the following steps. The order is quite important, so please
follow these instructions carefully.

    1) Remove the setuid bit from all X servers installed on your
       system with the following command:

        chmod u-s /usr/X11R6/bin/X*

    2) Install the updated Xconfigurator package (details below)

    3) Install the new xserver-wrapper package (details below)

    4) If you are running Accelerated X, run the following command:

        ln -sf /usr/X11R6/bin/Xaccel /etc/X11/X

       if you are not running Accelerated X, do not do this step!

After these steps have been completed, X should function as usual.

This information will appear on the Errata for Red Hat Linux 4.2 and
Red Hat Linux 5.0 shortly. 

Thanks to everyone on BUGTRAQ who brought these problems to our attention.

Red Hat 5.0
-------------

i386:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/Xconfigurator-3.26-1.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/i386/xserver-wrapper-1.1-1.i386.rpm

alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/Xconfigurator-3.26-1.alpha.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/5.0/alpha/xserver-wrapper-1.1-1.alpha.rpm

Red Hat 4.2
-------------

i386:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/Xconfigurator-2.6.1-1.i386.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/i386/xserver-wrapper-1.1-0.i386.rpm

alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/Xconfigurator-2.6.1-1.alpha.rpm
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/alpha/xserver-wrapper-1.1-0.alpha.rpm

SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.2/sparc/xserver-wrapper-1.1-0.sparc.rpm

--------------------------END INCLUDED TEXT--------------------


                                                       Best regards
--
                         ***  Petr Kolar  ***
Department of Information Technologies, Technical University of Liberec
            Voronezska 1329, 461 17 Liberec, Czech Republic
            Phone: +420-48-535-2371   Fax: +420-48-535-2229
  E-mail: Petr.Kolar na vslib.cz   http://www.cesnet.cz/staff/kolar.html

------- End of Forwarded Message

--
\ Jan "Yenya" Kasprzak <kas at fi.muni.cz>       http://www.fi.muni.cz/~kas/
\\ PGP: finger kas at aisa.fi.muni.cz   0D99A7FB206605D7 8B35FCDE05B18A5E //
\\\             Czech Linux Homepage:  http://www.linux.cz/              ///
/// The people who deserve to be flamed are digital who on the altavista \\\
//news page claim the entire project ran on 200 Alphas running NT, welcome\\
/ to the world of lies, half truths and microsoft.              --Alan Cox \
