Bug 12470 - kon2 - potential security disaster for RH7.0
Product: Red Hat Linux
Classification: Retired
Component: kon2
i386 Linux
high Severity medium
Assigned To: Nakai
Florence Gold
: Security
Reported: 2000-06-18 18:31 EDT by Chris Evans
Modified: 2008-05-01 11:37 EDT
Doc Type: Bug Fix
Last Closed: 2003-04-02 17:04:59 EST

Description Chris Evans 2000-06-18 18:31:10 EDT
Hi guys

Well at least this time we spotted it before release ;-)

kon2 comes with three(!) new suid-root executables. Let's meet them:

1) "fld". Doubtful whether or not it should be suid-root. In its suid-root
status, it's a security disaster - I found a buffer overflow which will
probably allow easy root access.

2) "newvc" - this is doing things like writing entries to /var/run/utmp.
This no longer requires root privilege because we have "utempter".

3) "kon" - I haven't looked at this but it's not a small executable!!

Proposed solution

1) Ship as little as possible suid-root. We should be _decreasing_ not
increasing the amount of suid-root executables, as time goes on.

2) IFF any of the kon2 executables get shipped suid-root, then
a) Audit them, and get someone to do it thoroughly!
b) Ensure that only a user logged on at the console can execute them

b) is very very important because it basically negates any code flaws in
these problems being exploited by users without physical access

Comment 1 Glen Foster 2000-07-18 14:48:35 EDT
This defect is considered MUST-FIX for Winston Beta-5
Comment 2 Erik Troan 2000-07-21 12:31:39 EDT
Won't ship in 8-bit language releases
Comment 3 Glen Foster 2000-07-21 14:06:15 EDT
This defect has been re-classified as MUST-FIX for Winston Gold-release
Comment 4 Matt Wilson 2000-07-21 15:24:05 EDT
This should NOT be a must-fix for Winston gold, it's for JAPANESE Winston gold.
Comment 5 Preston Brown 2000-08-15 10:48:06 EDT
Comment 6 Glen Foster 2000-08-16 18:41:10 EDT
This defect has been re-classified as SHOULD-FIX for Winston Gold-release

OK, we're getting close enough we need to re-focus our attention on this
problem, to make sure the Japanese version gets a look-see at the problem.
Comment 7 Glen Foster 2001-01-11 16:02:57 EST
This defect is considered MUST-FIX for Florence Gold release
Comment 8 Eido Inoue 2001-02-06 13:23:30 EST
newvc needs suid root even if it's utempter-ized cause it touches the hardware
and all users need to use it. The buffer overrun potential problem is addressed
in a patch.

kon2 also touches the hardware.

fld will be fixed to be non-fld.
Comment 9 Chris Evans 2001-02-06 13:28:55 EST
I assume an "everything" install in non-Japanese language
won't install the kon2 package?
Comment 10 Matt Wilson 2001-02-06 13:32:36 EST
correct.  Only if you check the little box by "support japanese".
Comment 11 Chris Evans 2001-02-06 13:38:46 EST
Cool. One more point - these are console tools, right?
If so, the privileged ones should _refuse_ to run unless run from
the console. The same trick as used by Xwrapper/pam_console
could be appropriate.
suid-root programs that are console only are a much much smaller
Comment 12 Trond Eivind Glomsrød 2001-03-09 14:29:45 EST
Adrian, have you fixed fld yet?
Comment 13 Cristian Gafton 2001-07-25 20:49:55 EDT
So, what is the status of this bug?

Taking myself off the Cc: list...
Comment 14 Kjartan Maraas 2003-04-02 16:58:28 EST
No news here? Should this still be marked "Red Hat Beta Program"?
Comment 15 Bill Nottingham 2003-04-02 17:04:59 EST
Hm, maybe should just close it; if there are particular issues with kon, they
can be separate bugs.
