≡ Menu

privilege

Download of the day: OpenBSD 4.6 CD ISO Images

OpenBSD 4.6 has been released and available for download from the official website. OpenBSD is well known for record of more than ten years with only two remote holes in the default install. The OpenBSD is widely known for the quality open source code and documentation, uncompromising position on software licensing, and focus on security and code correctness.
[click to continue…]

Ubuntu Linux today pushed out a new version of Linux kernel to fix serval local and remote security issues. A malicious CIFS server could cause a client system crash or possibly execute arbitrary code with kernel privileges. On SMP systems, a race condition existed in fcntl(). Local attackers could perform malicious locks, causing system crashes and leading to a denial of service. This security issue affects the following Ubuntu, Kubuntu, Edubuntu, and Xubuntu. releases:

=> Ubuntu 6.06 LTS
=> Ubuntu 7.04
=> Ubuntu 7.10

To fix this issue type the following two commands:
$ sudo apt-get update
$ sudo apt-get upgrade

You need to reboot your computer to effect the necessary changes, enter:
$ sudo reboot

Debian Linux has issued a security update for its dbus package which is simple interprocess messaging system for X11 and other software parts under Linux. There is privilege escalation bug i.e. it performs insufficient validation of security policies, which might allow local privilege escalation:
=> Package : dbus
=> Vulnerability : programming error
=> Problem type : local
=> Debian-specific: no
=> CVE Id(s) : CVE-2008-0595

How do I fix this bug

Type the following two commands to update the internal database, followed by actual installation of corrected package:
# apt-get update
# apt-get upgrade

Chrooted jail allows run command or service such as http / mysql / postfix with special root directory i.e. chroot changes the root directory for application. The biggest benefit is a service that is re-rooted to another directory cannot access files outside that directory. Basically you are going to set service in sandbox. Chrooting offers the following 2 benefits:

[a] Service Isolation

[b] Privilege Separation

But how do you find out if service / server is chrooted or not under Linux?

Simply run ls -ld command on /proc/MAIN-PID/root directory.

For example, find out if httpd chrooted or not:
pidof httpd
Output:

23456

Run ls command:
ls -ld /proc/23456/root
Output:

lrwxrwxrwx 1 root root 0 Sep 10 02:52 /proc/23456/root -> /wwwdata

Find out if postfix is chrooted or not (PID 4645):
ls -ld /proc/4645/root
Output:
lrwxrwxrwx 1 root root 0 Sep 10 02:59 /proc/4645/root -> /
The PID 4645 pointing out to / (root) i.e. the root directory for application is not changed or chrooted. This is a quick and dirty way to find out if application is chrooted or not w/o opening configuration files.