Date: Wed, 06 Sep 2000 12:51:39 +0900
Message-ID: <7mg0ne9nzo.wl@waterblue.imgsrc.co.jp>
From: Jun Kuriyama <kuriyama@FreeBSD.org>
To: doc-jp@jp.freebsd.org
In-Reply-To: In your message of "3 Sep 2000 00:25:55 GMT"
	<200009030024.JAA28215@mail.geocities.co.jp>
References: <20000814225114.12D9837B6B4@hub.freebsd.org>
	<200009030024.JAA28215@mail.geocities.co.jp>
Subject: [doc-jp 7682] Re: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:36.ntop

At 3 Sep 2000 00:25:55 GMT,
Hiroki Sato <hrs@geocities.co.jp> wrote:
>  1) Translation of "perimeter firewall".
> 
>    I couldn't think of a translation, so I have simply rendered it as
>    "firewall".

  It is hard to translate, so I think that is fine. I wonder whether it
refers to the firewall located on the outermost side.

>  2)
> 
>  |Due to the lack of attention to security in the ntop port no simple
>  |fix is possible: for example, the local root overflow can easily be
>  |fixed, but since ntop holds a privileged network socket a member of...
> 
>   $B$N(B "local root overflow".  $B0UL#$,$o$+$i$J$$$N$G$9$,!"(B
>   $B$3$&$$$&MQ8l$,$"$k$s$G$7$g$&$+(B?
> 
>   buffer overflow $B$N$3$H$J$N$+!"(Blocal root compromise $B$N$3$H$J$N$+$H(B
>   $B$$$m$$$mA[A|$7$F$_$^$7$?$,!"7k6INI$/$o$+$i$J$$$N$G(B buffer overflow $B$K(B
>   $B$7$F$"$j$^$9!#(B

$B!!(Blocal machine $B$,$?$/$5$s$N(B root $B$G0n$l$+$($C$F$7$^$&$h$&$JLdBj!"$J$o$1(B
$B$J$/$F!"(Blocal $B$J(B root compromise $B$J(B buffer overflow $B$N$3$H$G$7$g$&$M!#N,(B
$B$7$9$.$@$C$F$P!#!d(B Kris

> By default the ntop port is installed setuid root and only executable
> by root and members of the 'wheel' group. The 'wheel' group is
> normally only populated by users who also have root access, but this
> is not necessarily the case (the user must know the root password to
> increase his or her privileges). ntop allows a member of the wheel
> group to obtain root privileges directly through a local exploit.
> 
> With the default settings, the ntop port is installed setuid to the
> root user, and therefore only root and members of the 'wheel' group
> can execute it.  The 'wheel' group is normally made up only of users
> who also have access with root privileges, but that does not mean it
> has to be so (to gain root privileges, a user needs to know the root
> user's password).  By abusing ntop, a member of the wheel group can
> gain root privileges directly.

  The meaning has changed a little. Maybe: "With the default settings,
the ntop port is installed setuid to the root user, and it is set up so
that only root and members of the 'wheel' group can execute it". There
is no causal relationship between setuid root and whether a user can
execute it.

> Because the ntop port lacks consideration for security, it is
> impossible to fix the problem easily.  For example, some of the buffer
> overflows can easily be fixed, but because ntop holds a network socket
> with high privileges, there is a possibility that a member of the
> wheel group can obtain [手に入れることができます可能性があります]
> direct read access to all network traffic by exploiting other
> security weaknesses in ntop.
> This still leaves a technical security problem.

  "there is a possibility that they can obtain"
  [手にいれることができる可能性があります]


-- 
Jun Kuriyama <kuriyama@FreeBSD.org> // FreeBSD Project
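
Added example, not part of the original message or of the advisory: a small Python audit helper that reports the setuid bit and the execute permissions of a file mode as two separate facts, which is the distinction drawn in the reply above. The mode values, the root:wheel ownership defaults and the function names are constructed assumptions for illustration; the advisory text quoted here does not state the installed mode.

```python
import stat

def exec_profile(mode, owner="root", group="wheel"):
    """Describe a file mode: who may execute it, and whose UID it runs with.

    The setuid bit (S_ISUID) and the execute bits (S_IX*) are separate
    fields of the mode; neither one implies the other.
    """
    who = []
    if mode & stat.S_IXUSR:
        who.append(f"user:{owner}")
    if mode & stat.S_IXGRP:
        who.append(f"group:{group}")
    if mode & stat.S_IXOTH:
        who.append("other")
    setuid = bool(mode & stat.S_ISUID)
    return {
        "setuid": setuid,
        "may_execute": who,
        # With setuid set, every permitted caller gets the owner's effective UID.
        "runs_as": owner if setuid else "caller",
    }

def grants_owner_privilege(mode):
    """True when someone other than the owner can run the file as the owner."""
    runnable_by_others = mode & (stat.S_IXGRP | stat.S_IXOTH)
    return bool(mode & stat.S_ISUID) and bool(runnable_by_others)

# Constructed sample modes (assumptions, not taken from the ntop port):
SAMPLES = {
    "setuid, root+wheel only": 0o4750,
    "no setuid, root+wheel only": 0o0750,
    "setuid, everyone": 0o4755,
    "setuid, owner only": 0o4700,
}

if __name__ == "__main__":
    for label, mode in SAMPLES.items():
        p = exec_profile(mode)
        flag = "REVIEW" if grants_owner_privilege(mode) else "ok"
        print(f"{oct(mode):>7}  {label:<28} runs_as={p['runs_as']:<6} "
              f"exec={','.join(p['may_execute'])}  [{flag}]")
```

The first two sample modes have the same execute restriction with and without setuid, and the third is setuid without the restriction, so an audit has to check both fields.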
