*** From dhcp-server -- To unsubscribe, see the end of this message. ***

Slightly different issue...

Depending upon what you are using DHCP for, you might be opening up a
security hole on the other side.  If you use TFTP/NFS for your booting, and
someone has access to the file being booted, they may be able to replace the
bootstrap to give themselves (and everyone else in the environment)
unsecured access to the server.  This is possible if everything isn't locked
down, since you ARE allowing them to give a different boot file.  Note that
if the user's device's root user maps to the server's root user, this
problem is even larger, since they can then put an SU down that allows them
to do whatever they want.

        Dave

> -----Original Message-----
> From: Paul L. Lussier [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, July 01, 1999 1:03 PM
> To:   DHCP mailing list
> Subject:      Buffer overflow potential question?
> 
> Hi all,
> 
> Many of our users have a need to be able to stop/start local dhcp servers in a
> test environment.  We are using a combination of modified sysVinit scripts,
> sudo, and world writeable config files to allow the users the capability they
> need without compromising root access.
> 
> My question is, is there any currently known way of using the config file to
> create a buffer overflow that will grant root access? Or are there any other
> security concerns we should be aware of?
> 
> Any help you can provide is greatly appreciated.
> 
> Thanks,
> 
> 
> -- 
> 
> Seeya,
> Paul
> ----
> Please reply to [EMAIL PROTECTED]  The corp sendmail people insist on
> rewriting outgoing mail (including Reply-to: headers!) to send to
> '@nortelnetworks.com' which we keep telling them is quite broken, but they
> don't listen :)
> 
> Broadband Technology Division - Bay Networks (now a Nortel Company, Eh? :)
> 
>       If you're not having fun, you're not doing it right!
> 

------------------------------------------------------------------------------
To unsubscribe from this list, visit: http://www.isc.org/dhcp-lists.html
-*-
If you are without web access, or if you are having trouble with the web page,
please send mail to [EMAIL PROTECTED] with the subject line of
'unsubscribe'.   
------------------------------------------------------------------------------
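
The boot-file concern raised in the reply above can be checked on the server. The following is an added example, not part of the original thread: it reads the `filename` statements from an ISC dhcpd configuration and reports boot files that someone other than a trusted account could replace. The function names, `SAMPLE_CONF`, and the TFTP root path are assumptions made for illustration.

```python
import os
import re
import stat
import sys

# ISC dhcpd boot file statement, e.g.  filename "boot/kernel.img";
FILENAME_RE = re.compile(r'\bfilename\s+"([^"]+)"\s*;')

# Constructed sample configuration (not from the thread).
SAMPLE_CONF = '''
host lab1 { filename "good.img"; }
host lab2 { filename "bad.img"; }
# filename "commented-out.img";
host lab3 { filename "../outside.img"; }
'''

def boot_files(conf_text):
    """Boot file names from filename statements, with # comments ignored."""
    return FILENAME_RE.findall(re.sub(r'#.*', '', conf_text))

def audit(conf_text, tftp_root, trusted_uid=0):
    """Return (boot_file, problem) pairs for boot files that an account other
    than trusted_uid could replace, directly or through a parent directory."""
    findings = []
    root = os.path.realpath(tftp_root)
    for name in boot_files(conf_text):
        path = os.path.realpath(os.path.join(root, name.lstrip('/')))
        if os.path.commonpath([root, path]) != root:
            findings.append((name, 'resolves outside the TFTP root'))
            continue
        if not os.path.isfile(path):
            findings.append((name, 'missing from the TFTP root'))
            continue
        node = path
        while True:  # the file itself, then every directory up to the root
            st = os.stat(node)
            if st.st_uid != trusted_uid:
                findings.append((name, f'{node} is not owned by uid {trusted_uid}'))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((name, f'{node} is group- or world-writable'))
            if node == root:
                break
            node = os.path.dirname(node)
    return findings

if __name__ == '__main__':
    # Usage: python audit_boot.py /path/to/tftproot  (audits SAMPLE_CONF)
    for name, problem in audit(SAMPLE_CONF, sys.argv[1]):
        print(f'{name}: {problem}')
```

Because the configuration file in this setup is world writeable, the check is only meaningful when it is rerun each time the server is restarted with a new configuration.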
