Date: Sat, 16 Jan 2016 17:58:15 +0000 From: Simon McVittie <smcv@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: Setgid/Setuid binary writing privilege escalation On 16/01/16 16:39, halfdog wrote: > As staff is > has rwx permissions on python dist-packages and /var/local, any root > process accessing those is at high risk to be used to escalate to uid > root also. The staff group on Debian derivatives like Ubuntu is meant to be root-equivalent anyway (see /usr/share/doc/base-passwd/users-and-groups.txt.gz for details of what this group means). If you want to escalate from staff to root, there's no need to use clever tricks like these, because staff has write access to directories on root's default PATH. There is a long-term plan to make everything that is currently 0775 root:staff instead be 0755 root:root, at least on new installations <https://bugs.debian.org/299007> but it was being done gradually to avoid breaking existing systems where the sysadmin might be relying on the staff group's current functionality, and unfortunately it now seems to have stalled altogether. I'll contact that bug and try to get things moving again. S
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ