Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: load.root (loadmodule hole)
From: Urban.Kaveus () edt ericsson se (Urban)
Date: Fri, 15 Sep 1995 15:44:04 +0200


/*****************************************************************

   This wrapper program will HOPEFULLY protect you against the
   bug in in loadmodule described by 8lgm.

   Do like this:

   First, let us assume you name this program "wrapper.c" and
   you store it under /usr/openwin/bin.

   Then, execute the following commands as root:

      sunos # cd /usr/openwin/bin
      sunos # mv loadmodule loadmodule.original
      sunos # chmod 700 loadmodule.original
      sunos # cc -o loadmodule wrapper.c
      sunos # chmod 4755 loadmodule

   Now you should have :

      sunos # ls -l loadmodule*
      -rwsr-xr-x  1 root        24576 Sep 15 12:13 loadmodule
      -rwx------  1 root        24576 Jul 24 17:36 loadmodule.original

   Use at own risk !

   Written 1995-09-15 by Urban Kaveus, LM Ericsson Data AB

******************************************************************/

#include <string.h>

main(argc,argv,envp)
     int argc;
     char **argv, **envp;
{
        char **c;

        c=envp;

        while( *c ) {
          if (strncmp(*c,"IFS=",4) == 0 ) {
            (*c)[4] = 0; /* Truncate all instances of IFS ! */
          }
          c++;
        }

/* Become root and run the original version of loadmodule. */

        setuid(0);
        execve("/usr/openwin/bin/loadmodule.original",
               argv, envp );
}



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault