On Wed, Mar 27, 2024 at 8:37 PM Lee <ler...@gmail.com> wrote:
>
> I just saw this advisory
>   Escape sequence injection in util-linux wall (CVE-2024-28085)
>   https://seclists.org/fulldisclosure/2024/Mar/35
> where they're talking about grabbing other users' sudo password.
>
> Apparently the root of the security issue is that wall is a setgid program?
>
> Even more fun is the instructions
>   To make sure the PoC will work, make sure your victim user can
>   actually receive messages. First check that mesg is set to y
>   (`mesg y`). If a user does not have mesg turned on, they are not
>   exploitable.
>
> WTF?? I've never heard of a mesg, but
> $ which mesg
> /usr/bin/mesg
>
> So. There is a program called 'mesg', hrmmm..
> man mesg
> ...
>   Traditionally, write access is allowed by default. However, as users
>   become more conscious of various security risks, there is a trend to
>   remove write access by default, at least for the primary login shell.
>   To make sure your ttys are set the way you want them to be set, mesg
>   should be executed in your login scripts.
>
> oof. Are there instructions somewhere on how to make Debian secure by
> default?

There are Security Technical Implementation Guides (STIG) for Red Hat,
Solaris, SUSE, and Ubuntu. Unfortunately, nothing for Debian. See
<https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=unix-linux>.

More generally, for Operating Systems, see
<https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems>.

Jeff
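
The `mesg` setting discussed in the quoted message comes down to a permission bit on the terminal device, so it can be audited across a host. The script below is an added example, not part of either message in this thread; the function names are hypothetical, and it assumes `mesg y` corresponds to the group-write (or other-write) bit on the tty.

```shell
#!/bin/sh
# Added example (not from the thread): report terminals that currently accept
# write(1)/wall(1) messages, i.e. the state `mesg y` leaves them in.
# Assumption: message access is the group- or other-write bit on the tty
# device, which is what `mesg y` / `mesg n` toggle.

# mode_accepts_messages PERMS
# PERMS is the first field of `ls -ld`, e.g. "crw--w----".
# Succeeds when group write (6th char) or other write (9th char) is set.
mode_accepts_messages() {
    case $1 in
        ?????w*|????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# list_message_enabled PATH...
# Prints "owner path" for every existing PATH that accepts messages.
list_message_enabled() {
    for p in "$@"; do
        [ -e "$p" ] || continue                    # unmatched glob or closed tty
        line=$(ls -ld -- "$p" 2>/dev/null) || continue
        perms=${line%% *}                          # first field: permission string
        if mode_accepts_messages "$perms"; then
            owner=$(printf '%s\n' "$line" | awk '{print $3}')
            printf '%s %s\n' "$owner" "$p"
        fi
    done
}

# Audit every pseudo-terminal on this host; no output means nobody has mesg y.
list_message_enabled /dev/pts/[0-9]*
```

Per the man page text quoted above, putting `mesg n` in a login script clears the bit for that session.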