Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
wwwoffle - SuSE 7.x (/etc/wwwoffle owned by wwwrun)
This one has bothered me a bit, I can understand why wwwoffled(8) needs to
access the spool directory, but it strikes me as being a bit odd having the
config directory owned by wwwoffle.

Could this be exploitable, in the event of a hole in wwwoffled(8)?

It seems rather contrary to spirit of the wwwrun login, to have a system
directory modifiable by it. I assume the user is there to minimise impact in
event of wwwoffled(8) being compromised, but currently it could write to it's
own config file, surely a _bad_ thing.

linux:/etc/wwwoffle # ps auxww | grep wwwoff
wwwrun 420 0.0 0.2 2200 740 ? S Jan06 0:02
/usr/sbin/wwwoffled -c /etc/wwwoffle/wwwoffle.conf
root 9317 0.0 0.2 1620 596 pts/4 S 17:38 0:00 grep wwwoff
linux:/etc/wwwoffle # ls -lgd /var/spool/wwwoffle
drwxr-x--- 20 wwwrun root 453 Jun 4 2001 /var/spool/wwwoffle
linux:/etc/wwwoffle # ls -lgd /etc/wwwoffle/
drwxr-x--- 3 wwwrun root 173 Jan 7 17:14 /etc/wwwoffle/
linux:/etc/wwwoffle # ls -lgd /old/root/etc/wwwoffle/
drwxr-x--- 3 wwwrun root 83 Nov 2 13:39
/old/root/etc/wwwoffle/linux:/etc/wwwoffle

The '/old/root' stuff is a backup of my SuSE 7.1 config so I know it's
affected as well.

I would expect something like root ownership, with read access to a group
that wwwrun is in, if the wwwoffle config directory is sensitive enough to
prevent world read access. chmod 570 /etc/wwwoffle won't work because the
owner could chmod the directory :(

Rob


< Previous Next >
This Thread
  • No further messages