Bugtraq mailing list archives
IRIX /var/inst/patchbase
From: paul () CSE UCSC EDU (Paul Tatarsky)
Date: Thu, 23 Oct 1997 09:48:22 -0700
I checked to see if this had been brought up before on Bugtraq; if it has been, I apologize. I didn't see it in the archive.

Has anyone ever noticed that the IRIX inst patch installs hide away a copy of the patched binary in /var/inst/patchbase? While fine, I guess, for some things where a rollback might be needed, I also noticed that the various setuid buffer-overrun binaries that we patched are saved away with the setuid bits retained. For example (as root):

    cd /var/inst/patchbase/usr/bsd
    ls -al ordist
    -rwsr-xr-x    1 root     sys        79208 Sep  1 15:42 ordist*

Now, while so far I haven't found /var/inst/patchbase directory permissions set to anything but root owner, mode 700, I wonder if that is just thanks to the umask when the inst program is first run. Does anyone have a world/group-readable /var/inst/patchbase? Because if you do, you could still have a problem.

We are now considering adding this step when adding a patch that is for setuid buffer-overflow style problems in IRIX:

    versions removehist patchSGxxxxxxx

That cleans up the stored patchbase items according to the READMEs. I don't know if that creates any other problems in installing future patches. Of course you could always remove the setuid bit as well.

I'd be curious if other vendors store away patched binaries setuid like that. Doesn't seem like a real good idea.

--------------------------------------------------------------------
Paul Tatarsky                                  paul () cse ucsc edu
UC Santa Cruz CE/CIS Systems Manager
--------------------------------------------------------------------
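The check the post asks for, as an added example that is not part of the original message or of any SGI tool: a small POSIX sh audit that lists setuid/setgid files saved under a patchbase-style tree, reports whether the tree's top directory is reachable by group or others (the "mode 700 only thanks to umask" question), and optionally strips the setid bits from the saved copies, which is the alternative the post mentions to running versions removehist. The path /var/inst/patchbase is taken from the post; the function names and the option of passing another directory are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post or from IRIX inst/versions.
# Audits a directory tree (default: /var/inst/patchbase, as named in the
# post) for saved setuid/setgid binaries and for loose directory modes.

# Print every regular file under $1 that carries setuid or setgid.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Return 0 (true) if the directory $1 grants any permission bit to group
# or others; return 1 if it is mode 700 or tighter. Parses ls -ld output
# rather than stat(1) so it also works on old IRIX shells.
dir_is_exposed() {
    mode=$(ls -ld "$1" | cut -c5-10)
    case "$mode" in
        ------) return 1 ;;   # only the owner can list or traverse it
        *)      return 0 ;;
    esac
}

# Remove setuid/setgid from every saved copy under $1 (the "remove the
# setuid bit as well" option from the post), echoing each change.
strip_setid() {
    list_setid "$1" | while read -r f; do
        chmod u-s,g-s "$f" && echo "stripped setuid/setgid: $f"
    done
}

# Report on a tree; returns 0 only when no setid files remain under it.
audit_patchbase() {
    base=${1:-/var/inst/patchbase}
    [ -d "$base" ] || { echo "$base: no such directory" >&2; return 2; }
    if dir_is_exposed "$base"; then
        echo "WARNING: $base is readable or traversable by group/others"
    fi
    n=$(list_setid "$base" | wc -l | tr -d ' ')
    echo "$n setuid/setgid file(s) saved under $base"
    list_setid "$base" | while read -r f; do ls -l "$f"; done
    [ "$n" -eq 0 ]
}

# Usage: sh audit_patchbase.sh [directory]
if [ "$#" -gt 0 ]; then
    audit_patchbase "$1"
fi
```

Run it as root so find can descend into a mode-700 tree; a non-zero exit means saved setid copies were found. A setuid copy is only exploitable if an unprivileged user can reach and execute it, so the directory-mode warning is the more important of the two findings: a saved copy under a root-only directory is a latent problem, one under a world-readable directory is a live one.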
Current thread:
- Remotely kill Solaris syslogd lb - STAFF (Oct 21)
- Re: Remotely kill Solaris syslogd Andrew Reynhout (Oct 21)
- Oops: Re: Remotely kill Solaris syslogd Andrew Reynhout (Oct 21)
- Responses to syslogd killing lb (Oct 21)
- Re: Responses to syslogd killing Zack Weinberg (Oct 21)
- <Possible follow-ups>
- Re: remotely kill solaris syslogd Chris Wilson (Oct 21)
- Re: remotely kill solaris syslogd Paul Tatarsky (Oct 23)
- IRIX /var/inst/patchbase Paul Tatarsky (Oct 23)
- Re: IRIX /var/inst/patchbase Alain Renaud (Oct 25)
- KSR[T] Advisory #004: printfilter / groff / lpd KSR[T] (Oct 25)