Bugtraq mailing list archives

Re: libresolv+ bug

From: felicity () kluge net (Theo Van Dinter)
Date: Sun, 18 Aug 1996 02:56:16 -0400


In response to the libresolv+ hole ...  I'm sure there's a better/more
encompassing/cleaner method of fixing it, but here's my patch for ping (I
have the Netkit-B-0.07A source for ping (linux)...  It just switches the
effective uid to nobody (default 65534) around a certain gethostbyname ...
This fixed the problem as far as I can tell on my system...


62a63,64

int kluge;

297a300,301

              kluge=geteuid();
              seteuid(65534);

298a303

              seteuid(kluge);


--
-----------------------------------------------------------------------------
Theo Van Dinter                          www: http://www.kluge.net/~felicity/
Vice-President WPI Lens and Lights           Active Member in SocComm and ACM

                A third less filling than our regular taglines.
-----------------------------------------------------------------------------

Current thread:

mount/umount realpath() buffer overflow, (continued)
- - - mount/umount realpath() buffer overflow David J. Meltzer (Aug 13)
    - Possible bufferoverflow condition in lpr, xterm and xload bloodmask (Aug 12)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Digital Dreamer (Aug 12)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Casper Dik (Aug 13)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Mike Acar (Aug 13)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Elliot Lee (Aug 13)
    - why suid mount (was Re: Possible bufferoverflow condition in lpr, Bryan Reece (Aug 13)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Christopher Masto (Aug 14)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Brian Tao (Aug 15)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload *Unknown* (Aug 17)
    - Re: libresolv+ bug Theo Van Dinter (Aug 17)
    - Re: libresolv+ bug Brian Mitchell (Aug 18)
    - Re: libresolv+ bug Jon Lewis (Aug 18)
    - Re: libresolv+ bug Alan Cox (Aug 19)
    - libresolv Xarthon (Aug 18)
    - Re: libresolv Xarthon (Aug 18)
    - Re: libresolv+ bug Nelson Murilo (Aug 18)
    - Re: libresolv+ bug Brian Mitchell (Aug 18)
    - Re: libresolv+ bug Casper Dik (Aug 19)
    - Re: libresolv+ bug Alan Cox (Aug 19)
    - Re: libresolv+ bug Brian Mitchell (Aug 19)

(Thread continues...)