Bug 12470 - kon2 - potential security disaster for RH7.0
Summary: kon2 - potential security disaster for RH7.0
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kon2
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Nakai
QA Contact:
Whiteboard: Florence Gold
Keywords: Security
Depends On:
Reported: 2000-06-18 22:31 UTC by Chris Evans
Modified: 2008-05-01 15:37 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-04-02 22:04:59 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Description Chris Evans 2000-06-18 22:31:10 UTC
Hi guys

Well at least this time we spotted it before release ;-)

kon2 comes with three(!) new suid-root executables. Let's meet them:

1) "fld". Doubtful whether or not it should be suid-root. In its suid-root
status, it's a security disaster - I found a buffer overflow which will
probably allow easy root access.

2) "newvc" - this is doing things like writing entries to /var/run/utmp.
This no longer requires root privilege because we have "utempter".

3) "kon" - I haven't looked at this but it's not a small executable!!

Proposed solution

1) Ship as little as possible suid-root. We should be _decreasing_ not
increasing the amount of suid-root executables, as time goes on.

2) IFF any of the kon2 executables get shipped suid-root, then
a) Audit them, and get someone to do it thoroughly!
b) Ensure that only a user logged on at the console can execute them

b) is very very important because it basically negates any code flaws in
these problems being exploited by users without physical access


Comment 1 Glen Foster 2000-07-18 18:48:35 UTC
This defect is considered MUST-FIX for Winston Beta-5

Comment 2 Erik Troan 2000-07-21 16:31:39 UTC
Won't ship in 8-bit language releases

Comment 3 Glen Foster 2000-07-21 18:06:15 UTC
This defect has been re-classified as MUST-FIX for Winston Gold-release

Comment 4 Matt Wilson 2000-07-21 19:24:05 UTC
This should NOT be a must-fix for Winston gold, it's for JAPANESE Winston gold.

Comment 5 Preston Brown 2000-08-15 14:48:06 UTC

Comment 6 Glen Foster 2000-08-16 22:41:10 UTC
This defect has been re-classified as SHOULD-FIX for Winston Gold-release

OK, we're getting close enough we need to re-focus our attention on this
problem, to make sure the Japanese version gets a look-see at the problem.

Comment 7 Glen Foster 2001-01-11 21:02:57 UTC
This defect is considered MUST-FIX for Florence Gold release

Comment 8 Eido Inoue 2001-02-06 18:23:30 UTC
newvc needs suid root even if it's utempter-ized cause it touches the hardware
and all users need to use it. The buffer overrun potential problem is addressed
in a patch.

kon2 also touches the hardware.

fld will be fixed to be non-fld.

Comment 9 Chris Evans 2001-02-06 18:28:55 UTC
I assume an "everything" install in non-Japanese language
won't install the kon2 package?

Comment 10 Matt Wilson 2001-02-06 18:32:36 UTC
Correct. Only if you check the little box by "support japanese".

Comment 11 Chris Evans 2001-02-06 18:38:46 UTC
Cool. One more point - these are console tools, right?
If so, the privileged ones should _refuse_ to run unless run from
the console. The same trick as used by Xwrapper/pam_console
could be appropriate.
suid-root programs that are console only are a much much smaller
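The console-only gate proposed in the comment above (the Xwrapper/pam_console trick), written out as an added C example that is neither kon2's code nor Red Hat's patch: before doing anything privileged, the program checks that its controlling terminal is a Linux virtual console (assumed to be named /dev/ttyN or /dev/console) and that the terminal is owned by the invoking user (assumes login/pam_console chowns the console to whoever logged in on it), and otherwise drops root and exits.

```c
/* Added example: console-only gate for a setuid-root helper (not kon2 code).
 * Assumptions: virtual consoles are /dev/ttyN and /dev/console, and the login
 * process chowns the console device to the user logged in on it. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 if `path` names a Linux virtual console, 0 otherwise.
 * Accepts /dev/console and /dev/ttyN with N purely decimal; rejects
 * pseudo-terminals (/dev/pts/N), serial lines (/dev/ttyS0), the bare
 * /dev/tty alias, and anything with trailing characters. */
int is_virtual_console(const char *path)
{
    const char *prefix = "/dev/tty";
    if (path == NULL)
        return 0;
    if (strcmp(path, "/dev/console") == 0)
        return 1;
    if (strncmp(path, prefix, strlen(prefix)) != 0)
        return 0;
    const char *num = path + strlen(prefix);
    if (*num == '\0')
        return 0;
    for (const char *p = num; *p != '\0'; p++)
        if (!isdigit((unsigned char)*p))
            return 0;
    return 1;
}

/* Return 1 if stdin is a virtual console owned by the real (invoking) uid.
 * fstat on the open descriptor (not stat on the name) avoids a race between
 * naming the device and checking it. */
int caller_on_own_console(void)
{
    struct stat st;
    const char *name = ttyname(STDIN_FILENO);
    if (name == NULL || !is_virtual_console(name))
        return 0;
    if (fstat(STDIN_FILENO, &st) != 0 || !S_ISCHR(st.st_mode))
        return 0;
    return st.st_uid == getuid();
}

int main(void)
{
    if (!caller_on_own_console()) {
        /* Refuse before any privileged work; give up root permanently. */
        if (setuid(getuid()) != 0)
            return 1;
        fprintf(stderr, "must be run from a virtual console\n");
        return 1;
    }
    /* privileged console work (e.g. VT/framebuffer access) would go here */
    return 0;
}
```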

Comment 12 Trond Eivind Glomsrød 2001-03-09 19:29:45 UTC
Adrian, have you fixed fld yet?

Comment 13 Cristian Gafton 2001-07-26 00:49:55 UTC
So, what is the status of this bug?

Taking myself off the Cc: list...

Comment 14 Kjartan Maraas 2003-04-02 21:58:28 UTC
No news here? Should this still be marked "Red Hat Beta Program"?

Comment 15 Bill Nottingham 2003-04-02 22:04:59 UTC
Hm, maybe should just close it; if there are particular issues with kon, they
can be separate bugs.
