<<< Date Index >>>     <<< Thread Index >>>

Hobbit monitor: Security issue with Hobbit 4.2-beta client



I was just notified by a Hobbit user that the current beta client has
a security problem in the client "logfetch" utility, when installed as
suid-root (which is the default if "make install" is executed as root).


Impact
------
The effect of this is that any user who is able to login and create
files on a system with the Hobbit client installed, can use the "logfetch" 
utility to get read access to any file on the system.


Which versions are affected
---------------------------
This issue affects all of the pre-release (alfa-, beta- and snapshot-versions) 
of the Hobbit client version 4.2 released until today (2006-Jun-30), when the 
client was installed as root and ~hobbit/client/bin/logfetch is suid-root.

The 4.1.x releases of the Hobbit client does not include the "logfetch"
utility, and are therefore NOT affected by this.


Remedy
------
It is recommended that you remove the suid bit from the logfetch utility
on systems where you have installed the Hobbit 4.2-beta client package.

To do this:
     chmod 755 ~hobbit/client/bin/logfetch

Note that this may cause logfile monitoring to break, if the client does
not have read access to the monitored logfiles.

Running logfetch as suid-root will most likely be removed in the final 
Hobbit 4.2 release of the client.


Regards,

Henrik Storner, the Hobbit developer