> > > Pardon my ignorance but what exactly are "crak" and "cops"?
> >
> > Cops: security checker.

Cops does some cute things. First off, it checks for some obvious things like, say, your /var/spool/cron/crontabs dir being world-writable or your hosts.equiv file being world-writable, etc.

It's got one really *cute* feature called "kuwang", I think. Basically, it's supposed to find ways that a user can gain root access through a *process*.

For example, let's say we've got three users on the system: "A", "B", and root. Let's also say that A's primary group is "X" but it's also in "Z". B's primary group is "Z" and is also in the "root" group. Further, let us assume that B was careless enough to turn on group write permissions for his/her .profile. So, we've got something like this:

    % ls -l /home/B/.profile
    -rwxrwxr-x B Z 1534 Jan 17 12:34 .profile

And let us assume the same of root:

    % ls -l /root/.profile
    -rwxrwxr-x root root 2543 Feb 23 16:32 .profile

Well, now, it's possible for user "A" to gain root privileges. A will be able to write to "B"s .profile and, hence, will be able to run anything as "B". This means that "A" (while running something as "B") will be able to write to "root"s .profile and will be able to run anything as root.

I know this seems preposterous... like you need this impossible conspiracy of little misconfigurations to allow for a security hole of this nature... but it's really not that impossible. Imagine, for example, if you put a certain user in the "www" group to allow them to maintain a portion of your web site. Also imagine that you've added "www" to the "root" group so that certain CGI scripts will be able to access some files that www doesn't normally have access to. Well, now you're more than half way there... and you got there by doing two things that, in themselves, didn't seem all that unreasonable.

So, to keep a long story from getting any longer, that is what kuwang is supposed to do. I'm not sure if it really *does*, since it's never found a hole like that on my machine yet.

- Joe
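
The check described in the message above can be modelled as a graph search over "who can write to whose startup file". The following is an added example, not part of the original message and not code from COPS; the user, group and mode data are constructed from the scenario in the message, and A's own .profile entry is an assumption.

```python
from collections import deque

# Constructed model of the scenario in the message: user -> set of groups.
GROUPS = {"A": {"X", "Z"}, "B": {"Z", "root"}, "root": {"root"}}
# Startup file of each user: (owner, group, mode), as ls -l would show it.
# A's entry is an assumption; B's and root's come from the message.
PROFILES = {
    "A": ("A", "X", 0o644),
    "B": ("B", "Z", 0o775),
    "root": ("root", "root", 0o775),
}

def can_write(user, owner, group, mode, groups=GROUPS):
    """Unix permission check: owner bits, else group bits, else other bits."""
    if user == owner:
        return bool(mode & 0o200)
    if group in groups[user]:
        return bool(mode & 0o020)
    return bool(mode & 0o002)

def takeover_edges(profiles=PROFILES, groups=GROUPS):
    """Edge u -> v when u can modify a file that v's login shell executes."""
    edges = {u: [] for u in groups}
    for victim, (owner, group, mode) in profiles.items():
        for user in groups:
            if user != victim and can_write(user, owner, group, mode, groups):
                edges[user].append(victim)
    return edges

def path_to(start, target="root", profiles=PROFILES, groups=GROUPS):
    """Breadth-first search; returns the shortest chain of users or None."""
    edges = takeover_edges(profiles, groups)
    seen, queue = {start}, deque([[start]])
    while queue:
        chain = queue.popleft()
        if chain[-1] == target:
            return chain
        for nxt in edges[chain[-1]]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(chain + [nxt])
    return None

if __name__ == "__main__":
    for user in GROUPS:
        print(user, "->", path_to(user))
```

Removing the group write bit from B's .profile (mode 0755) breaks the chain, which is the kind of single-permission fix an audit like this points to.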