Baselayout /etc/shadow local vulnerability
On Friday, February 27, 2009, we discovered a local vulnerability in Funtoo caused by world-readable permissions on the /etc/shadow file. (credit: Piotr Karbowski)
This issue was due to a bug originating from Gentoo’s baselayout-2.0.0.ebuild that causes the template /usr/share/baselayout/shadow file to be installed to /etc with world-readable permissions.
The security implications of this bug are that local users will be able to retrieve password hashes for all other local users’ accounts, including root. This vulnerability is local, not remote, in nature. It likely affects all Funtoo stage3 tarballs and OpenVZ templates that have a build date earlier than “2009.02.27”.
To resolve this issue manually, type the following command as root:
# chmod 0600 /etc/shadow
To resolve this issue using a Funtoo package update, run the following commands:
# emerge --sync
# emerge baselayout
Verify that baselayout-2.0.0-r2 is installed; this version ensures that /etc/shadow is readable only by root.
It is also recommended that you reset any critical passwords which may have been exposed to malicious local users.
This security vulnerability may also affect any non-Funtoo stages that were built from scratch using Gentoo’s baselayout-2.0.0.ebuild.
All stages and OpenVZ templates that were affected by this vulnerability have been removed from Funtoo’s mirrors. All Funtoo stages and OpenVZ templates with a build date of “2009.02.27” or later do not have this vulnerability.
This security vulnerability does not impact stable Gentoo stages as Gentoo is not (to our knowledge) currently using the unstable baselayout-2.0.0.ebuild for any of their stage builds.
This bug may affect any unstable Gentoo stages or Gentoo-based distributions that use baselayout-2.0.0.ebuild in their stage builds. If your /etc/shadow file was installed by baselayout-1.x, then it should have proper permissions. This vulnerability will impact you only if your /etc/shadow file was installed by baselayout-2.0.0.
Funtoo will be integrating security audit functionality into Metro in the coming weeks to ensure this specific issue as well as other issues like this are detected immediately, before they can impact users.
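A permission audit of the kind described above, as an added example that is not Funtoo's or Metro's own code. It checks an unpacked stage tree (or "/") against a small policy list. The function names, the policy format, the etc/gshadow entry and the 0644 mode used in the demo are assumptions of this example; only the 0600 limit for /etc/shadow comes from this advisory.

```shell
#!/bin/sh
# Added example: audit sensitive-file modes under a root tree (an unpacked
# stage3 or "/"). Names and policy format are this example's own.

# Policy lines: "<relative path> <maximum mode>". etc/shadow 0600 is the value
# from the advisory; etc/gshadow is an assumed extra entry.
POLICY='etc/shadow 0600
etc/gshadow 0600'

# audit_perms ROOT: prints one FAIL line per file whose mode has bits beyond
# its allowed maximum; returns 1 if there was any finding, 0 otherwise.
audit_perms() {
    root=${1:-/}
    rc=0
    while read -r rel max; do
        [ -n "$rel" ] || continue
        f="${root%/}/$rel"
        [ -e "$f" ] || continue                 # file absent in this tree
        mode=$(stat -L -c '%a' "$f") || { rc=1; continue; }   # GNU stat
        # Permission bits present on the file but not allowed by the policy.
        extra=$(( 0$mode & ~$max & 07777 ))
        if [ "$extra" -ne 0 ]; then
            printf 'FAIL %s mode %s exceeds %s\n' "$f" "$mode" "$max"
            rc=1
        fi
    done <<EOF
$POLICY
EOF
    return $rc
}

# Constructed demo: a throwaway tree whose shadow file starts world-readable
# (0644, chosen for illustration) and is then fixed with the advisory's chmod.
demo() {
    t=$(mktemp -d) && mkdir "$t/etc" && : > "$t/etc/shadow"
    chmod 0644 "$t/etc/shadow"
    audit_perms "$t" && before=0 || before=1
    chmod 0600 "$t/etc/shadow"
    audit_perms "$t" && after=0 || after=1
    rm -rf "$t"
    echo "before=$before after=$after"
}
```

Run against a stage build with audit_perms /path/to/unpacked-stage before publishing it; a non-zero exit status means at least one file is more permissive than the policy allows.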
6 comments:
Actually chmod 0600 /etc/shadow (like what you changed in the ebuild) is appropriate.
In theory chmod ugo-r could leave write or executable permissions on files that shouldn't have it. Also why do you want to remove read from the 'user' or 'owner' permission (e.g. the u in ugo). Given that it's owned by root it doesn't affect a thing, but in a sense that's still improper.
Fixed. Thanks :)
You are a Crack! ;)
Good you're keeping an eye on things. Thanks!
I've added a first round of security checks that will detect if /etc/shadow and a few other critical files and directories have incorrect permissions.
Thanks for this Daniel, much appreciate the work you are doing on Funtoo