|
Bugtraq
mailing list archives
Re: SECURITY: redhat, the saga continues..
From: jbourne () HARDROCK ORG (Jim Bourne)
Date: Thu, 2 Jul 1998 23:29:10 -0700
On Thu, 2 Jul 1998, twiztah wrote:
Security problems have been found in dosemu and libtermcap. These security
problems allow users on your local system to gain root access, and should
be fixed as soon as possible.
Under redhat 4.2 running both libc-5.3.12 and libc-5.4.44 the
termcap-2.0.8-setuid.patch I believe was incorrect and will cause any
program using libtermcap to fail if the user is not root.
I corrected the patch to work on our systems, if this is incorrect please,
correct me :)
Regards,
Jim
--- termcap-2.0.8/termcap.c~ Tue Apr 16 04:23:23 1996
+++ termcap-2.0.8/termcap.c Thu Jul 2 23:26:54 1998
@@ -366,8 +366,18 @@
printf("Using file %s\n", tc_file);
#endif
+ if(setfsuid(getuid()) != getuid())
+ return NULL;
+ if(setfsgid(getgid()) != getgid())
+ return NULL;
/* Now read the termcap file. */
- if ((fp = fopen(tc_file, "r")) == NULL) return(NULL);
+ fp = fopen(tc_file, "r");
+
+ setfsuid(geteuid());
+ setfsgid(getegid());
+
+ if(fp==NULL)
+ return(NULL);
while(term) {
if (++loop > 16) {
--
James Bourne | Email: jbourne () hardrock org
No. 2 Harbourview Ventures Ltd. | WWW: http://www.hardrock.org/
Everything Unix | Linux-The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration
 By Date 
By Thread
Current thread:
- Re: qpopper2.52, (continued)
|
Intro
