Thread: OpenSuse 11.1 security issue "ip" - exec. by others

  1. #1

    I don't know how it is on OpenSuse 11.2, but I found out that on my 11.1, kernel 2.6.27.42-0.1, the command "ip", and everything else that belongs to it, can be executed by everyone.

    I don't think it is really a good idea.

    Please check this.

    Thanks.

  2. #2

    On Mon, 2010-01-25 at 18:26 +0000, nimnull22 wrote:
    > I don't know how it is on OpenSuse 11.2, but I found out that on my 11.1,
    > kernel 2.6.27.42-0.1, the command "ip", and everything else that belongs
    > to it, can be executed by everyone.


    It executes with no privs... I guess it could be viewed as harmful
    if information is harmful? But you know, you could always execute
    /sbin/ifconfig as well as a normal user.

    >
    > I don't think it is really a good idea.


    AFAIK, it's not harmful... unless seeing your IP address, etc, is
    considered harmful.



  3. #3

    Ok. Thanks. I will change attributes, and also for "route" and others.

    I don't understand: if network utilities can be executed by anyone, even GUEST, what kind of SECURITY are the developers talking about - guest can change IP, routing...

    It is just one big hole.

    Thanks.

  4. #4

    They can only SEE things, they can not CHANGE anything.

    I do not think that after so many years of this behaviour in Unix/Linux you can now accuse all those 'developers' of neglecting security.
    Henk van Velden

  5. #5

    Wait, can you as normal user change the configuration of the system
    using it??????

    - --
    VampirD
    No in elenath hlar nan hd gn

  6. #6

    No, a normal user can't change:

    ip addr add 192.168.2.20/32 dev eth0
    RTNETLINK answers: Operation not permitted

    /sbin/ifconfig eth0 down
    SIOCSIFFLAGS: Permission denied

    So, the system can't be tweaked.

    I'm happy, but anyway I will change file attributes.

    Everyone thanks.
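
An added example, not part of any post in this thread: the errors quoted above come from the kernel's privilege check (CAP_NET_ADMIN), not from the mode bits on the binaries. The script below reports both on a Linux system. It assumes GNU `stat`, a readable `/proc`, and the tool paths `/sbin/ip` and `/sbin/route` (only `/sbin/ifconfig` is named in the thread).

```shell
#!/bin/sh
# Added example: where is the control? File mode vs. kernel capability.

CAP_NET_ADMIN=12   # bit number of CAP_NET_ADMIN in linux/capability.h

# has_cap HEXMASK BIT: succeeds if BIT is set in a CapEff-style hex mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# is_setid OCTALMODE: succeeds if the setuid or setgid bit is set (e.g. 4755).
is_setid() {
    [ $(( 0$1 & 06000 )) -ne 0 ]
}

report() {
    # Tool paths are assumptions; missing files are skipped.
    for tool in /sbin/ip /sbin/ifconfig /sbin/route; do
        [ -e "$tool" ] || continue
        mode=$(stat -L -c '%a' "$tool" 2>/dev/null) || continue
        if is_setid "$mode"; then
            note="setuid/setgid set: runs with the file owner's privileges"
        else
            note="no setuid/setgid: runs with the caller's own privileges"
        fi
        echo "$tool mode=$mode ($note)"
    done

    # Effective capability mask of this process, as the kernel sees it.
    eff=$(sed -n 's/^CapEff:[[:space:]]*//p' /proc/self/status 2>/dev/null)
    [ -n "$eff" ] || return 0
    if has_cap "$eff" "$CAP_NET_ADMIN"; then
        echo "CapEff=$eff: CAP_NET_ADMIN present, configuration changes are accepted"
    else
        echo "CapEff=$eff: CAP_NET_ADMIN absent, reads work but changes are refused"
    fi
    return 0
}

report
```

Run as an ordinary user, the last line reports the capability as absent, which is why `ip addr add` fails even though the binary is executable by everyone.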

  7. #7

    You may run into trouble doing that; many programs need to read the files under the user's credentials. So some programs may not run if you suddenly make their config files unreadable for a user.

    But you live and you learn by doing dumb things

  8. #8

    nimnull22 wrote:
    > No, a normal user can't change:
    >
    > ip addr add 192.168.2.20/32 dev eth0
    > RTNETLINK answers: Operation not permitted
    >
    > /sbin/ifconfig eth0 down
    > SIOCSIFFLAGS: Permission denied
    >
    > So, the system can't be tweaked.
    >
    > I'm happy, but anyway I will change file attributes.
    >
    > Everyone thanks.

    You are welcome, in spite of the fact that you did not really understand the impact of my answer.

    You had better not change those settings. There is more than 20 years of experience that has flowed into them. When you think in a brink of time that you can invent a better way of doing these things, you are very likely to run into difficulties, as gogalthorp warns you. Even a much needed and asap to be done security update may give you a headache.
    Henk van Velden

  9. #9

    I suppose it could be worse, like the guy who thought that mode 666 on /dev/null was a mistake and changed it.

  10. #10

    ken_yap wrote:
    > I suppose it could be worse, like the guy who thought that mode 666 on /dev/null was a mistake and changed it.

    and all that kind.
    Henk van Velden
