Hi Friends and Users of DOSEMU,

Just uploaded dosemu-0.98.5 (stable) to the usual places:

  ftp.dosemu.org:/dosemu/Development/...
  tsx-11.mit.edu:/pub/linux/ALPHA/dosemu/...
                     .../patchset-0.98.5.tgz
                     .../dosemu-0.98.5.tgz
                     .../dosemu-0.98.5-1.i386.rpm

The md5sums are:
a2a64946f1aec9d878c44ec454b016f7  dosemu-0.98.5-1.i386.rpm
75aa14e5b68abfc3dff94f4ffdc92d38  dosemu-0.98.5.tgz
e1d2a474ebad8085a4866a4171e4e216  patchset-0.98.5.tgz

Among some other fixes it now contains slang-1.2.2. Earlier
slang versions had a security hole, and if compiling dosemu with
a default setup, a vulnerable slang library was linked in.

This 'vulnerability' of dosemu <= 0.98.4 was reported on Bugtraq and
led to a deep discussion on our internal developers list about
'security' of dosemu. The conclusion of this discussion was:

  1. When running dosemu suid-root in full feature mode, it's inherently
     insecure (well, as DOS is itself;-). You may reduce the threat by
     setting 'secure' in dosemu.conf, but that would not be a problem for
     evil hackers. Hence, you _never_ should let a suid-root dosemu
     run by untrusted users, period.

  2. You _can_ safely control the access to dosemu via /etc/dosemu.users
     and forbid/allow suid-root execution for dedicated users. This check
     for dosemu.users is done at the very beginning _before_ any
     initialization and before DOS actually is booted and, more important,
     this also was done for the 'vulnerable' dosemu-0.98.x releases.
     So, if you did configure your dosemu.users correctly, you had _not_
     been vulnerable at any time, even with the vulnerable slang library.

  3. _If_ you allow the world to execute your suid-root dosemu binary,
     well, then a potential intruder would be very stupid to use the
     complicated slang-lib exploit, it's much easier to do otherwise ;-)

  4. If you want to run dosemu for unknown users, then let it run
     non-suid-root. Though it then has restricted functionality, most
     of what you want to offer to those users will be functional:
     It can run on any slang terminal, it can run under X, it can
     operate on serial ports, it can even execute DPMI programs
     (which is very insecure when running suid-root).
     Hence, just run dosemu non-suid-root if you want to be secure.

Conclusion: though we now have closed the Bugtraq-reported hole, please,
don't think you now can set the s-bit safely without tuning your
dosemu.users. You can't !!!

Nevertheless, have a lot of fun,
Hans
<[EMAIL PROTECTED]>
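
An added example, not part of the original announcement or of dosemu itself: a small shell check that classifies an install against points 2 and 4 above (is the s-bit set, and is there a dosemu.users file that only its owner can write). The function name, the verdict words and the binary path passed in are assumptions; the contents of dosemu.users are not parsed and still need manual review.

```shell
#!/bin/sh
# audit_dosemu BINARY [USERS_FILE]
# Prints one verdict word (hypothetical labels chosen for this example):
#   missing        BINARY not found
#   non-suid       no setuid bit: the setup recommended for unknown users
#   suid-no-acl    setuid bit set but no users file: s-bit without dosemu.users
#   suid-weak-acl  users file is group- or world-writable, so anyone in that
#                  set could grant themselves access
#   suid-acl       setuid with a users file only its owner can write;
#                  the entries in it must still be reviewed by hand
# Exit status: 0 = nothing flagged, 1 = flagged, 2 = binary missing.
# Note: only the setuid bit is tested; confirm the owner with ls -l.
audit_dosemu() {
    bin=$1
    acl=${2:-/etc/dosemu.users}   # path taken from the announcement

    [ -f "$bin" ] || { echo missing; return 2; }
    [ -u "$bin" ] || { echo non-suid; return 0; }
    [ -f "$acl" ] || { echo suid-no-acl; return 1; }

    # find prints the path only if group-write or other-write is set.
    if [ -n "$(find "$acl" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo suid-weak-acl
        return 1
    fi

    echo suid-acl
    return 0
}

# Typical use (the binary path is an assumption, adjust to your install):
#   audit_dosemu /usr/bin/dos /etc/dosemu.users
```
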

