A backdoor in UnrealIRCd

Posted Jun 18, 2010 5:30 UTC (Fri) by etbe (subscriber, #17516)
Parent article: A backdoor in UnrealIRCd

The ircd module in the SE Linux policy doesn't currently allow execution of shell_exec_t - so a system() call wouldn't work. While the ircd.fc file in the policy source doesn't mention UnrealIRCd, someone who wanted to run an IRC server on SE Linux would probably try running it with the ircd policy, and as in terms of security requirements there is little variation between IRC servers, it would probably just work.

sesearch -A -s ircd_t -c file -p execute

If you run the above command on an SE Linux system with the ircd module loaded into the policy, it will show the file types that can be executed. That means shared objects in the current policy.

Note that there have been many releases of the policy over the last 10 years and many per-distribution customisations. So I can't claim that every SE Linux policy that was included in every distribution did the right thing in this regard. But the sesearch command allows any SE Linux sysadmin to determine if their system does what they desire.

But it does seem that someone who ran UnrealIRCd on an SE Linux system and who used the correct context for the executable would not be vulnerable to a problem that merely used the system() call.

Of course there are lots of other things that an attacker could potentially do.
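
Editor's added example, not part of the comment above and not code from the SE Linux policy project: a small shell check that reads the output of the sesearch command quoted in the comment and reports whether the domain may execute shell_exec_t. The function names and the sample rules are constructed for illustration; the parser assumes the usual "allow source target:class { perms };" rule layout and also tolerates the spaced "target : class" layout that some setools versions print.

```shell
#!/bin/sh
# Constructed sample of sesearch output (illustrative, not from a real policy).
SAMPLE_OK='allow ircd_t ld_so_t:file { execute getattr open read };
allow ircd_t lib_t:file { execute getattr ioctl open read };
allow ircd_t ircd_exec_t:file { entrypoint execute getattr read };'

# Same policy with one extra rule that would let system() reach a shell.
SAMPLE_BAD="$SAMPLE_OK
allow ircd_t shell_exec_t:file { execute execute_no_trans getattr read };"

# exec_targets: read allow rules on stdin and print, sorted and unique,
# every target type whose file-class rule grants the plain "execute"
# permission (execute_no_trans alone does not count).
exec_targets() {
    awk '
        { gsub(/ : /, ":") }            # normalise "type : class" layout
        $1 == "allow" && $3 ~ /:file$/ {
            target = $3
            sub(/:file$/, "", target)
            for (i = 4; i <= NF; i++) {
                perm = $i
                gsub(/[{};]/, "", perm)
                if (perm == "execute") { print target; break }
                if ($i ~ /;/) break     # end of rule, ignore trailing text
            }
        }' | LC_ALL=C sort -u
}

# shell_exec_allowed: exit 0 if shell_exec_t is among the executable types.
shell_exec_allowed() {
    exec_targets | grep -qx 'shell_exec_t'
}

# Demonstration on the constructed samples. On a live system use instead:
#   sesearch -A -s ircd_t -c file -p execute | shell_exec_allowed
for sample in "$SAMPLE_OK" "$SAMPLE_BAD"; do
    if printf '%s\n' "$sample" | shell_exec_allowed; then
        echo "FAIL: ircd_t may execute shell_exec_t"
    else
        echo "ok: ircd_t cannot execute shell_exec_t"
    fi
done
```

sesearch may print a type attribute as the rule target rather than a concrete type, so on a live system a query with `-t shell_exec_t` added is the more reliable way to ask about one specific type.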
