I visited the URL you posted, and I had seen a similar report in the
majordomo-users archives from about 2 years ago.

Good file and directory security of no group or other write
permissions makes this a non-issue. Doesn't it?

I have my doubts about this exploit, because debugging must be enabled
before a .debug file will be created. Right? If it is created, it will
be mode 660 or 644 depending on how you set your Makefile. Groups and
others cannot overwrite, modify, delete, or symlink to an existing
file. Only the user can. Why would the majordomo user intentionally
link one of its executable scripts to a file that gets appended to
every time it runs? Suicide maybe? On the other hand, this is the
perfect reason for setting your majordomo $HOME directory to 750.

Want to make doubly sure this exploit cannot be used against your
majordomo? Just create its own $HOME/tmp or /var/lib/majordomo/tmp
file with 750 permissions, owner and group majordomo. Now edit your
majordomo.cf file near line 200 to say something like

    $TMPDIR = "/var/lib/majordomo/tmp";

instead of

    # $TMPDIR = $ENV{'TMPDIR'} || "/usr/tmp";

(The RPM installer does this for you.)

Dan Liston

Gustavo Araujo Bittencourt wrote:
>
> Hello everybody,
>
> Today I received the warning below. Is there any foundation to it?
>
> Thanks,
> Gustavo.
> > ---------
> >
> >
> > Description: Standard tmpfile problem
> > Author: Karl G - NOC Admin <ovrneith@tqgnet.com>
> > Compromise: Any user on a system running majordomo can append
> > arbitrary data to any file owned by the majordomo account.
> > Vulnerable Systems: Those running majordomo. This runs on a ton of
> > systems (Solaris, Linux, IRIX, etc.).
> > Date: 26 March 1998
> > Exploit & full info: Available http://www.insecure.org/sploits/Majordomo.tmpfile.html
> >
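
An added example, not part of the original thread or of Majordomo: a shell check for the setup Dan Liston describes, verifying that majordomo.cf pins $TMPDIR to a literal path and that the directory is a real directory owned by the expected account with no group or other write bits. The function names and the optional owner argument are assumptions.

```shell
#!/bin/sh
# Added example: audit the $TMPDIR hardening suggested in the message above.
# Function names and the OWNER argument are assumptions, not Majordomo's.

# Print the directory pinned by an uncommented  $TMPDIR = "...";  line.
# Prints nothing when the line is commented out or reads from the environment.
cf_tmpdir() {
    sed -n 's/^[[:space:]]*\$TMPDIR[[:space:]]*=[[:space:]]*"\([^"]*\)"[[:space:]]*;.*$/\1/p' "$1" |
        tail -n 1
}

# True when path $1 itself (not its contents) matches the find(1) tests given.
dir_matches() {
    d=$1; shift
    [ -n "$(find "$d" -prune "$@" -print 2>/dev/null)" ]
}

# audit_tmpdir CF [OWNER]: print a verdict; return 0 only if the directory is
# pinned, real, owned by OWNER, and not writable by group or other (e.g. 750).
audit_tmpdir() {
    cf=$1; owner=${2:-majordomo}
    dir=$(cf_tmpdir "$cf")
    if [ -z "$dir" ]; then
        echo "FAIL: no fixed \$TMPDIR in $cf"; return 1
    fi
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is a symlink or not a directory"; return 1
    fi
    if ! dir_matches "$dir" -user "$owner"; then
        echo "FAIL: $dir is not owned by $owner"; return 1
    fi
    if dir_matches "$dir" \( -perm -020 -o -perm -002 \); then
        echo "FAIL: $dir is writable by group or other"; return 1
    fi
    echo "OK: $dir"
}

# Usage: sh audit.sh /path/to/majordomo.cf [owner]
if [ "$#" -gt 0 ]; then audit_tmpdir "$@"; fi
```
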