Software Engineering Institute

DISA provides SRR scripts to help perform security reviews of various operating systems and applications. The UNIX SRR scripts check versions of various programs by searching the root file system and executing programs with options to display version information. The scripts generally use find(1) with the -exec expression primary. The scripts execute programs based on file name. If an attacker can place a file with an appropriate name on the file system, that file will be executed by the SRR script. The SRR scripts are designed to be run with root privileges.

An attacker who is able to write a file under the root file system (most likely, but not necessarily a local user) can execute arbitrary code with root privileges.

The DISA Field Security Office (FSO) is reviewing the UNIX SRR scripts and preparing changes to address these issues.

Modify SRR scripts

Given sufficient understanding of the SRR scripts, it is possible to modify them to skip the program execution steps or change to a less privileged user before executing the programs.

Determine version information safely

Take care when executing programs as root, to determine version information or for any other reason.

• Determine version information passively, for instance, by checking file properties.
• Execute programs with version options using a non-privileged account.
• Execute only trusted programs, for example, using absolute file paths and files/directories that are not writable by non-root users.