Bugtraq mailing list archives
Re: SECURITY: redhat, the saga continues..
From: cadams () RO COM (Chris Adams)
Date: Fri, 3 Jul 1998 13:21:03 -0500
Once upon a time, twiztah wrote
Security problems have been found in dosemu and libtermcap. These security problems allow users on your local system to gain root access, and should be fixed as soon as possible.
Beware the fix to libtermcap. Sure, it closes the root hole, but it
also keeps users from running most programs that use libtermcap.
The patch includes
if(setfsuid(getuid()))
return NULL;
The setfsuid(getuid()) will always succeed (so the test is not
necessary), but it returns the previous fsuid on success. That will
only be 0 when the program is setuid-root or being run by root, so for
most programs run by normal users, the call to open the termcap file
fails.
Change the patch to just be
setfsuid(getuid());
and it will work fine. The same goes for the setfsgid() call.
--
Chris Adams - cadams () ro com
System Administrator - Renaissance Internet Services
I don't speak for anybody but myself - that's enough trouble.
Current thread:
- ircd 2.9.5 & ircii-pana DNS problems Michal Zalewski (Jun 30)
- qpopper2.52 Alan J Rosenthal (Jul 02)
- Re: qpopper2.52 Dan Jacobowitz (Jul 02)
- ALERT: Microsoft IIS ASP - $DATA issue update Aleph One (Jul 02)
- Re: ircd 2.9.5 & ircii-pana DNS problems Valdis.Kletnieks () VT EDU (Jul 02)
- SECURITY: redhat, the saga continues.. twiztah (Jul 02)
- Windows95 Proxy DoS Vulnerabilites Ryan Nichols (Jul 02)
- Re: SECURITY: redhat, the saga continues.. Jim Bourne (Jul 02)
- Re: SECURITY: redhat, the saga continues.. Chris Adams (Jul 03)
- more about 'at' J.A. Gutierrez (Jul 03)
- qpopper2.52 Alan J Rosenthal (Jul 02)