Re: [hobbit] need help checking a file status
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] need help checking a file status
- From: Henrik Stoerner <henrik (at) hswn.dk>
- Date: Tue, 30 Sep 2008 13:34:14 +0000 (UTC)
- Newsgroups: lists.hobbit
- Organization: Linux Users Inc.
- References: <84AE996EE1457F4DB43A05348E32C33F5ABDBE (at) ac-hq-exch.corp.americashloans.net> <OF9AA9BAD5.6A65E96B-ONC12574C0.0067626D-C12574C0.00679655 (at) machcorp.lan> <84AE996EE1457F4DB43A05348E32C33F5AC37D (at) ac-hq-exch.corp.americashloans.net> <0DC212FE7F69B24F81D2C4F1E65FCC23034C0DA6 (at) svits11.main.ad.rit.edu> <EC70BBBBD43A8B468D2460FE1CFAAA2614832A1A (at) EX1.nibco.com> <48CA0266.4020605 (at) hebis.uni-frankfurt.de> <48CA0266.4020605 (at) hebis.uni-frankfurt.de> <EC70BBBBD43A8B468D2460FE1CFAAA2614885107 (at) EX1.nibco.com>
- User-agent: nn/6.7.3
In <EC70BBBBD43A8B468D2460FE1CFAAA2614885107 (at) EX1.nibco.com> "Kauffman, Tom" <KauffmanT (at) nibco.com> writes:
>Well, among other things - the file that went missing was a crontab . . .
>I've built a small perl script to get the data and dump it out to the client
>data stream; hobbit runs it via sudo. I'm also looking at logfetch.c, the
>hobbit program that does the process. I can see Henrik has thought about
>this, because the code to get and drop root permissions is present - bracketed
>by ifdefs for 'BIG_SECURITY_HOLE'.
>I need to satisfy myself about the logfetch code, and then I think a
>recompile may be in order.
The BIG_SECURITY_HOLE shows up because logfetch has no way of validating
that it is using a configuration file that hasn't been tampered with. So
if you run logfetch as root, you can feed it a config file listing secret
files that you want to read (like /etc/shadow), and it will happily read them
for you and put the contents into the Hobbit client-message. Not good ...
A custom status-check might be the simplest way of doing what you want.
Henrik
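
A sketch of the kind of custom status check suggested above, added here as an example (not code from the original message or from the Hobbit project): the watched paths are fixed in the script rather than taken from a configuration file or arguments, and only file metadata is tested, so running it with elevated privileges cannot be turned into reading arbitrary file contents. The paths, the `files` column name and the function names are assumptions; `BB`, `BBDISP` and `MACHINE` are assumed to be set by the Hobbit client environment.

```shell
#!/bin/sh
# Watched files are fixed here. Assumption: example paths, adjust per host.
# Deliberately NOT read from a config file, the environment or arguments.
WATCHED="/var/spool/cron/crontabs/root /etc/crontab"

# Print a color for one path using metadata tests only; contents are never read.
file_color() {
    if [ -L "$1" ]; then echo red          # replaced by a symlink: do not follow
    elif [ ! -e "$1" ]; then echo red      # missing
    elif [ ! -f "$1" ]; then echo red      # not a regular file
    elif [ ! -s "$1" ]; then echo yellow   # present but empty
    else echo green
    fi
}

# Print the more severe of two colors.
worst() {
    case "$1$2" in
        *red*) echo red ;;
        *yellow*) echo yellow ;;
        *) echo green ;;
    esac
}

# Print the overall color on line 1, then one "&color path" line per file
# ("&color" is the status-message convention for a colored icon).
build_report() {
    overall=green; lines=""
    for f in "$@"; do
        c=$(file_color "$f")
        overall=$(worst "$overall" "$c")
        lines="$lines
&$c $f"
    done
    printf '%s%s\n' "$overall" "$lines"
}

# Send the status only when the Hobbit client environment is present.
if [ -n "${BB:-}" ] && [ -n "${BBDISP:-}" ] && [ -n "${MACHINE:-}" ]; then
    report=$(build_report $WATCHED)    # unquoted on purpose: split the fixed list
    color=$(printf '%s\n' "$report" | head -n 1)
    detail=$(printf '%s\n' "$report" | tail -n +2)
    "$BB" "$BBDISP" "status $MACHINE.files $color $(date)
$detail"
fi
```

If the script is run via sudo, a rule that permits only this exact script with no arguments keeps the privileged surface limited to the hard-coded list.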