Bugtraq mailing list archives

Re: libresolv+ bug


From: brian () saturn net (Brian Mitchell)
Date: Sun, 18 Aug 1996 16:03:33 -0400


On Sun, 18 Aug 1996, Theo Van Dinter wrote:

> In response to the libresolv+ hole ...  I'm sure there's a better/more
> encompassing/cleaner method of fixing it, but here's my patch for ping (I
> have the Netkit-B-0.07A source for ping (linux))...  It just switches the
> effective uid to nobody (default 65534) around a certain gethostbyname ...
> This fixed the problem as far as I can tell on my system...


62a63,64
int kluge;

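Review bot: `int kluge;` at 62a63 holds the value that geteuid() returns in the next hunk, so it should be declared `uid_t` rather than `int`, and a name such as `saved_euid` would say what it stores. If line 63 is at file scope and nothing outside the function that calls gethostbyname uses the variable, declare it locally there instead.
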
297a300,301
              kluge=geteuid();
              seteuid(65534);
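
Review bot: the return value of `seteuid(65534);` at 297a301 is never checked, so if the call fails the lookup that follows still runs with the original effective uid and the patch protects nothing without saying so. Test the result and exit on failure, and look the uid up with getpwnam("nobody") instead of hard-coding 65534, which the message itself describes only as the default.
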
298a303
              seteuid(kluge);
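
Review bot: `seteuid(kluge);` at 298a303 is unchecked as well; if the restore fails, ping carries on as uid 65534 and any later step that needs the original effective uid fails far from the cause. Check the return value and report the error here, and add a one-line comment on the seteuid pair saying why the uid is switched around this call.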

What about using unsetenv() to remove the vile variables from the
environment at the beginning of the program?

Of course, this all needs to be in libc; kludging your way around ping,
rlogin, traceroute, and especially ssh is not a good thing.


Brian Mitchell                                          brian () saturn net
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman
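
The unsetenv() approach suggested in the reply, as an added example that is not code from the post or from NetKit. The post names no variables, so the denylist (the `RESOLV_` prefix plus `HOSTALIASES`, `LOCALDOMAIN` and `RES_OPTIONS`, all documented resolver settings) and the function name `scrub_resolver_env` are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
extern char **environ;

/* Assumed denylist (the post names none): resolver settings. */
static const char *const deny_prefix[] = { "RESOLV_", NULL };
static const char *const deny_exact[] = { "HOSTALIASES", "LOCALDOMAIN", "RES_OPTIONS", NULL };

/* Does the n-byte name at the start of a "NAME=value" entry match? */
static int denied(const char *name, size_t n)
{
    for (size_t i = 0; deny_prefix[i]; i++) {
        size_t p = strlen(deny_prefix[i]);
        if (n >= p && strncmp(name, deny_prefix[i], p) == 0)
            return 1;
    }
    for (size_t i = 0; deny_exact[i]; i++)
        if (strlen(deny_exact[i]) == n && strncmp(name, deny_exact[i], n) == 0)
            return 1;
    return 0;
}

/* Call first thing in main(). Returns the number of variables removed, or
 * -1 on failure so a set-uid caller can exit instead of resolving names. */
int scrub_resolver_env(void)
{
    int removed = 0;
    char **ep = environ;
    while (ep && *ep) {
        const char *eq = strchr(*ep, '=');
        if (!eq || eq == *ep || !denied(*ep, (size_t)(eq - *ep))) {
            ep++;               /* keep: malformed entry or not on the list */
            continue;
        }
        char *name = strndup(*ep, (size_t)(eq - *ep));
        int rc = name ? unsetenv(name) : -1;
        free(name);
        if (rc != 0) return -1;
        removed++;
        ep = environ;           /* unsetenv() shifted environ: rescan */
    }
    return removed;
}

int main(void)
{
    setenv("RESOLV_HOST_CONF", "/constructed/path", 1);  /* constructed input */
    return scrub_resolver_env() == 1 ? 0 : 1;
}
```

Matching on the name up to `=` keeps look-alikes such as `RESOLVER` or `HOSTALIASES_X` in place, and the -1 return lets the caller fail closed.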