Bugtraq mailing list archives
Re: IRIX /var/inst/patchbase
From: renauda () SGI COM (Alain Renaud)
Date: Sat, 25 Oct 1997 09:28:07 -0400
The patchbase directory is always 700; the only way to change that is to do it by hand. So I don't see this as a major issue... The reason the patchbase directory exists is to be able to remove a patch after it's been installed. If you feel there is an issue you can always do

cd /var/inst/patchbase
rm -rf .

This will only prevent you from removing the patch you installed.... Hope this helps.

____________________________________________________________________
Alain Renaud                                    renauda () sgi com
Region Technical Analyst
Silicon Graphics Cray Research Inc.
"Have a nice day! ... Unless you have other plans ...."
____________________________________________________________________

On Thu, 23 Oct 1997, Paul Tatarsky wrote:
I checked to see if this had been brought up before on Bugtraq; if it has been, I apologize. Didn't see it in the archive.

Has anyone ever noticed that the IRIX inst patch installs hide away a copy of the patched binary in /var/inst/patchbase? While fine, I guess, for some things where a rollback might be needed, I also noticed that the various setuid buffer overrun binaries that we patched are saved away with the setuid bits retained. For example (as root):

cd /var/inst/patchbase/usr/bsd
ls -al ordist
-rwsr-xr-x    1 root     sys        79208 Sep  1 15:42 ordist*

Now, while so far I haven't found /var/inst/patchbase directory permissions set to anything but root owner, mode 700, I wonder if that is just thanks to the umask when the inst program is first run? Does anyone have a world/group readable /var/inst/patchbase? Because if you do, you could still have a problem.

We are now considering adding this step to adding a patch that is for setuid buffer overflow style problems in IRIX:

versions removehist patchSGxxxxxxx

That cleans up the stored patchbase items according to the READMEs. I don't know if that creates any other problems in installing future patches. Of course you could always remove the setuid bit as well.

I'd be curious if other vendors store away patched binaries setuid like that. Doesn't seem like a real good idea.

--------------------------------------------------------------------
Paul Tatarsky                                  paul () cse ucsc edu
UC Santa Cruz CE/CIS Systems Manager
--------------------------------------------------------------------
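The two checks the thread turns on, whether /var/inst/patchbase is really root-only mode 700 and whether it still holds setuid copies of the old binaries, are easy to script. The following is an added example, not code from either poster or from SGI: a small POSIX sh audit that lists setuid/setgid files under a patchbase-style tree, checks the directory mode, and optionally strips the setuid/setgid bits (the "remove the setuid bit" option mentioned above, as opposed to `versions removehist`). It runs against a constructed temporary tree that mimics the ordist example; point PATCHBASE at the real directory to audit a live system.

```shell
#!/bin/sh
# Added example (not from the original posts or from SGI's inst tools).
# Audits a patchbase-style directory for (a) retained setuid/setgid
# binaries and (b) a directory mode other than rwx------ (0700).
# PATCHBASE defaults to /var/inst/patchbase; the demo at the bottom
# builds a constructed tree under mktemp instead of touching a live box.

# Print every regular file under $1 that has the setuid or setgid bit set.
list_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Print the number of setuid/setgid files under $1 (no leading spaces).
count_setuid() {
    list_setuid "$1" | wc -l | tr -d ' '
}

# Return 0 if directory $1 is mode rwx------ (0700), 1 otherwise.
# Parses ls -ld rather than stat(1), whose flags differ between systems.
dir_is_0700() {
    perms=$(ls -ld "$1" | cut -c2-10)
    [ "$perms" = "rwx------" ]
}

# Clear the setuid and setgid bits on every file list_setuid reports.
# The rollback copies stay usable for `versions` but can no longer be
# executed with elevated privilege if the directory is ever opened up.
strip_setuid() {
    list_setuid "$1" | while IFS= read -r f; do
        chmod u-s,g-s "$f"
    done
}

# Human-readable report for directory $1.
audit_patchbase() {
    dir=$1
    if dir_is_0700 "$dir"; then
        echo "OK:   $dir is mode 0700"
    else
        echo "WARN: $dir is NOT mode 0700 ($(ls -ld "$dir" | cut -c1-10))"
    fi
    n=$(count_setuid "$dir")
    echo "INFO: $n setuid/setgid file(s) retained under $dir"
    list_setuid "$dir" | while IFS= read -r f; do
        echo "      $(ls -l "$f" | cut -c1-10) $f"
    done
}

# Demo on a constructed tree shaped like /var/inst/patchbase/usr/bsd/ordist.
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/usr/bsd"
    printf 'constructed stand-in for the old ordist binary\n' > "$base/usr/bsd/ordist"
    chmod 4755 "$base/usr/bsd/ordist"   # setuid root copy, as in the post
    chmod 755 "$base"                   # deliberately too open (bad umask case)
    echo "--- before ---"
    audit_patchbase "$base"
    chmod 700 "$base"
    strip_setuid "$base"
    echo "--- after chmod 700 + strip ---"
    audit_patchbase "$base"
    rm -rf "$base"
}

demo
```

On a real IRIX host you would run `audit_patchbase "${PATCHBASE:-/var/inst/patchbase}"` as root; a non-zero setuid count is expected and harmless only as long as the directory itself stays 0700, which is the condition the original poster was asking about.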
Current thread:
- Remotely kill Solaris syslogd lb - STAFF (Oct 21)
- Re: Remotely kill Solaris syslogd Andrew Reynhout (Oct 21)
- Oops: Re: Remotely kill Solaris syslogd Andrew Reynhout (Oct 21)
- Responses to syslogd killing lb (Oct 21)
- Re: Responses to syslogd killing Zack Weinberg (Oct 21)
- <Possible follow-ups>
- Re: remotely kill solaris syslogd Chris Wilson (Oct 21)
- Re: remotely kill solaris syslogd Paul Tatarsky (Oct 23)
- IRIX /var/inst/patchbase Paul Tatarsky (Oct 23)
- Re: IRIX /var/inst/patchbase Alain Renaud (Oct 25)
- KSR[T] Advisory #004: printfilter / groff / lpd KSR[T] (Oct 25)