Security information about vlxsu and vlxchown (SUID bit)
During VISULOX installation the following binaries are set with SUID: -r-sr-xr-x 1 root vlx 18760 Sep 17 14:14 ./lib/platform/vlxchown -r-sr-xr-x 1 root vlx 38007 Sep 17 14:14 ./lib/platform/vlxsu On request and NDA, amitego will provide the source code of these tools for security reviews. |
vlxchown
vlxchown is used to chown files and/or directories to another vlx* user.
Usage
CODE
vlxchown USER PATH [PATH...]Command line arguments
| USER | Unix user matching vlx* in group vlx |
| PATH | Path to a file/directory. The ownership of those files is transferred to USER:vlx |
Security
- Environment variable VLX_HOME must be set.
- Only vlx:vlx can call vlxchown.
- vlxchown must be owned by root:vlx, and setuid.
- Ownership is only transferred between members of the vlx group and from ttaserv.
vlxsu
setuid program to start specific apps as given user.
Usage
CODE
vlxsu [options] <user> <cmd> [<args>...]Command line arguments
| <user> | Name of the user of the target persona |
| <cmd> | Name of the command to run as persona <user> |
| <args> | One or more optional arguments to pass to the program |
Optional arguments (args)
| -h | -help | --help | Show usage and exit |
| -config | Show current vlxsu configuration (my_commands) and exit |
| -debug | Sset debug mode on |
| -x | Delete all files in home directory of <user> |
Security
- Only vlx:vlx can call vlxsu.
- vlxsu must be owned by root:vlx, and setuid.
- The <user> must match a user prefix in my_commands.
- The <command> must match an entry in my_commands.
- Both PATH and LD_LIBRARY_PATH are preset.
- The environment of the target user is restricted.
SETUID
See the 2008 paper "Revising Setuid Demystified" at: http://code.google.com/p/change-process-identity/
In particular, the change of persona fails if the resulting persona is not the target persona.