Bugtraq mailing list archives

Re: SECURITY: redhat, the saga continues..
From: cadams () RO COM (Chris Adams)
Date: Fri, 3 Jul 1998 13:21:03 -0500


Once upon a time, twiztah wrote
> Security problems have been found in dosemu and libtermcap. These security
> problems allow users on your local system to gain root access, and should
> be fixed as soon as possible.

Beware the fix to libtermcap.  Sure, it closes the root hole, but it
also keeps users from running most programs that use libtermcap.

The patch includes

  if(setfsuid(getuid()))
       return NULL;

The setfsuid(getuid()) will always succeed (so the test is not
necessary), but it returns the previous fsuid on success.  That will
only be 0 when the program is setuid-root or being run by root, so for
most programs run by normal users, the call to open the termcap file
fails.

Change the patch to just be

  setfsuid(getuid());

and it will work fine.  The same goes for the setfsgid() call.
--
Chris Adams - cadams () ro com
System Administrator - Renaissance Internet Services
I don't speak for anybody but myself - that's enough trouble.
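
Added example, not part of the original post or of the libtermcap patch: a Linux-only C program that puts the quoted check next to a drop that is confirmed by reading the fsuid back. The helper names (current_fsuid, patched_check_allows, drop_fsuid_verified) are hypothetical, and it relies on the documented behaviour that setfsuid() returns the previous fsuid and that setfsuid(-1) changes nothing.

```c
/* Added example; Linux-only. Helper names are hypothetical. */
#include <stdio.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* setfsuid((uid_t)-1) can never change the fsuid; it only reports it. */
uid_t current_fsuid(void)
{
    return (uid_t)setfsuid((uid_t)-1);
}

/* The test quoted from the patch. Returns 1 if the caller would go on to
 * open the termcap file, 0 if it would take the "return NULL" branch. */
int patched_check_allows(uid_t uid)
{
    if (setfsuid(uid))      /* previous fsuid, not a status code */
        return 0;
    return 1;
}

/* Drop the fsuid, then confirm the change by reading the fsuid back. */
int drop_fsuid_verified(uid_t uid)
{
    setfsuid(uid);
    return current_fsuid() == uid;
}

int main(void)
{
    uid_t me = getuid();
    printf("fsuid before:           %u\n", (unsigned)current_fsuid());
    printf("patched check allows:   %d\n", patched_check_allows(me));
    printf("verified drop succeeds: %d\n", drop_fsuid_verified(me));
    return 0;
}
```

Run as an ordinary user, the patched check reports 0 while the verified drop reports 1; run as root, both report 1.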