On 26 Aug 2004, Sylvain Munaut <[EMAIL PROTECTED]> wrote:

> Hi,
>
> On a machine, I had a distcc available to the internet ( yeah, silly me
> ... deactivated a firewall rule for a few hours and forgot to
> reactivate it ... )
>
> It was a distcc 2.13, I know it's not the latest one. And it was
> exploited to gain a local shell as the distcc user. Hopefully he didn't
> do anything else AFAIK, the root exploit he tried didn't work ( too
> recent kernel installed ).
Hi,

I'm sorry your machine got compromised.

As Alexandre said, since distcc is basically a remote shell, once people are allowed to open a connection they can do pretty much whatever they want inside that userid. I have updated this to make it more clear:

http://distcc.samba.org/security.html

Do you think that text is OK, or should more be said?

Google finds this attack code:

http://www.metasploit.com/projects/Framework/modules/exploits/distcc_exec.pm

You can see it is more a matter of malice than genius.

If they didn't get root on your machine then there may be a log message telling you the IP of the connection. You can use that to trace back to the attack and complain to their network and/or the police (not that they generally seem to care).

I'd like to make it safer by default; but the protocol probably needs to use plain TCP for performance. Here are some ideas. What do people here think?

- Make --allow mandatory; you have to say which networks are trusted
- Use a cleartext shared password; not much protection against local attackers but it might have helped in this case.
- Work on making SSH more useful, though it will probably never be really fast
- Add weaker built-in encryption; this feels wrong
- Encourage people to choose nonstandard ports
- Try to vet the command line; allow only particular commands. It's not enough to just say "only run gcc" because an attacker might try to send output to a file. This couldn't give total protection but it might help.

-- 
Martin
distcc mailing list
http://distcc.samba.org/
To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/distcc
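Two of the ideas in Martin's list, an explicit network allow-list (the mandatory --allow) and vetting of the compile command line, worked through as an added illustration. This is not part of the mailing-list thread and not distcc's own code; the function names, the set of permitted compilers, the list of rejected options and the trusted network ranges are assumptions chosen for the example. The vetting follows the point made in the message: checking that the program is gcc is not enough, because the output path and several gcc options let a caller read or write arbitrary files or run other programs, so the check also pins the job to one preprocessed input and one plain .o output in the job directory.

```python
import ipaddress
import posixpath

# Assumed policy for the example: only these networks may connect
# (the "--allow must be mandatory" idea), and only these compilers may run.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24")]
ALLOWED_COMPILERS = {"gcc", "g++", "cc", "c++"}

# gcc options that read or write files of the caller's choosing, load code,
# or run other programs. Rejected outright; the list is illustrative, not exhaustive.
DENIED_PREFIXES = (
    "@",          # @file: read options from an arbitrary file
    "-B",         # alternative directory for compiler executables
    "-specs",     # spec files can run arbitrary commands
    "-wrapper",   # run the compiler under an arbitrary program
    "-fplugin",   # load a shared object into the compiler
    "-include", "-imacros",      # read an arbitrary file as source
    "-MF", "-MD", "-MMD",        # write dependency output to a file
    "-dumpbase", "-dumpdir",     # redirect auxiliary output
    "-Wa,", "-Wl,", "-Wp,",      # pass options straight to assembler/linker/preprocessor
)


def client_allowed(client_ip, allowed=ALLOWED_NETWORKS):
    """Accept a connection only if it comes from an explicitly trusted network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in allowed)


def _plain_filename(name, suffixes):
    """True if name is a bare file name (no directory parts) with one of the suffixes."""
    return bool(name) and "/" not in name and name not in (".", "..") and name.endswith(suffixes)


def vet_command(argv):
    """Return (ok, reason) for a remote compile job expressed as an argv list.

    Accepts only: <allowed compiler> ... -c <one .i/.ii/.s file> -o <one .o file>,
    with no options from DENIED_PREFIXES. Other flags (-O2, -Wall, -std=...) pass.
    """
    if not argv:
        return False, "empty command"
    if posixpath.basename(argv[0]) not in ALLOWED_COMPILERS:
        return False, "compiler not allowed: %s" % argv[0]

    output = None
    inputs = []
    saw_compile_only = False
    i = 1
    while i < len(argv):
        arg = argv[i]
        if arg == "-c":
            saw_compile_only = True
        elif arg == "-o":
            if output is not None or i + 1 >= len(argv):
                return False, "malformed or repeated -o"
            output = argv[i + 1]
            i += 1
        elif arg.startswith("-o"):
            # joined form "-ofile"
            if output is not None:
                return False, "malformed or repeated -o"
            output = arg[2:]
        elif arg.startswith(DENIED_PREFIXES):
            return False, "option not allowed: %s" % arg
        elif arg.startswith("-"):
            pass  # remaining flags only shape code generation, not host file access
        else:
            inputs.append(arg)
        i += 1

    if not saw_compile_only:
        return False, "only compile-only (-c) jobs are accepted"
    if len(inputs) != 1 or not _plain_filename(inputs[0], (".i", ".ii", ".s")):
        return False, "exactly one preprocessed input file in the job directory is required"
    if output is None or not _plain_filename(output, (".o",)):
        return False, "output must be a single .o file in the job directory"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample jobs, not real traffic.
    for argv in (["gcc", "-O2", "-Wall", "-c", "main.i", "-o", "main.o"],
                 ["gcc", "-c", "main.i", "-o", "/tmp/main.o"],
                 ["gcc", "-specs=custom.specs", "-c", "a.i", "-o", "a.o"],
                 ["/bin/sh", "-c", "true"]):
        print(argv, "->", vet_command(argv))
    print("192.168.1.20 allowed:", client_allowed("192.168.1.20"))
```

Both checks would sit in front of the job before anything is executed: the network check on accept(), the command vetting after the argv has been received and before the compiler is spawned. The rejection reason is worth logging alongside the client IP, since, as the message notes, that log line is what lets you trace a probe back to its source.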
