Bugtraq mailing list archives
Keeping Solaris up-to-date: summary
From: jr () SCMS RGU AC UK (John Riddoch)
Date: Wed, 20 Jan 1999 10:15:24 +0000
As promised, here is a summary of comments from BUGTRAQ readers:

Robert Watson raised an issue about a potential race condition while the script reads the file data in. If the file is modified during the running of the script, inconsistent data is likely to be read. While there is no obvious exploit to this, it is still considered a bug. Some kind of file-locking could be implemented to prevent this, especially since all hosts are Solaris machines. He also raised the issue that NFS is not cryptographically protected and is not a particularly secure transport.

Several people asked about bringing the system down to single user mode (as is recommended, especially for kernel patches). No, I haven't looked at that as yet, although I may consider trying to implement it. However, I haven't experienced any problems with applying patches to live systems as yet.

Everett Lipman raised concern about running an NFS-mounted script, as it becomes trivial to break root on multiple machines if the NFS server is cracked. The obvious fix is to install the script on each machine (say, in /usr/sbin). He also pointed out that the NFS-server could share the directory read-only for added safety. This was, in fact, what I had done (although I didn't mention it).

Corey Lindsly also pointed out that blithely applying patches can be a Bad Thing as patches have been known to break systems.

Finally, something which no-one actually pointed out to me was that there is no checking of the data read in from the patch_list file; simply having a line:

    123456-12;rm -rf /

would delete the machine (the danger of using system() calls). I plan on implementing bounds checking for this in the script.

Finally, I've put the stuff regarding this on the web at
http://www.scms.rgu.ac.uk/staff/jr/computing/unix/perl/patchupdate.shtml
This includes the issues raised above and some better instructions on how to install and set up the script. Any further updates will be posted there.
--
John Riddoch    Email: jr () scms rgu ac uk    Telephone: (01224)262730
Room C4, School of Computer and Mathematical Science
Robert Gordon University, Aberdeen, AB25 1HG
"Yoda of Borg are we: Futile is resistance. Assimilate you, we will"
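
The unchecked patch_list line described in the message above, as an added example that is not part of the original post or the author's script: each entry is matched against a strict patch-ID pattern, and the command is built as an argument list so that no shell ever parses it. The function names, the /patches directory and the use of /usr/sbin/patchadd are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample patch_list contents (not taken from the author's file).
my @sample = ("123456-12\n", "\n", "123456-12;rm -rf /\n",
              "105181-11  \n", "../../etc/passwd\n");

# Accept only IDs shaped like the one quoted in the post: six digits, a dash,
# two digits. \A and \z anchor the whole string, so nothing may trail the ID.
sub valid_patch_id {
    my ($id) = @_;
    return (defined $id && $id =~ /\A\d{6}-\d{2}\z/) ? 1 : 0;
}

# Split the lines into accepted IDs and rejected entries (with line numbers).
sub parse_patch_list {
    my (@lines) = @_;
    my (@ok, @bad);
    my $n = 0;
    for my $line (@lines) {
        $n++;
        (my $entry = $line) =~ s/^\s+|\s+$//g;   # trim whitespace and newline
        next if $entry eq '';                     # skip blank lines
        if (valid_patch_id($entry)) { push @ok, $entry }
        else                        { push @bad, "line $n: $entry" }
    }
    return (\@ok, \@bad);
}

# Build an argument vector for list-form system(), which executes the program
# directly instead of handing a command string to /bin/sh.
sub patchadd_argv {
    my ($patch_dir, $id) = @_;
    return ('/usr/sbin/patchadd', "$patch_dir/$id");   # assumed command path
}

my ($ok, $bad) = parse_patch_list(@sample);
warn "rejected $_\n" for @$bad;
for my $id (@$ok) {
    my @argv = patchadd_argv('/patches', $id);   # /patches is a placeholder
    print "would run: @argv\n";
    # On a real host: system(@argv) == 0 or warn "patchadd failed for $id: $?\n";
}
```

With the constructed input, the injected line and the path-traversal line are reported as rejected and only the two well-formed IDs reach the command builder.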