Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: load.root (loadmodule hole)

From: Urban.Kaveus () edt ericsson se (Urban)
Date: Mon, 18 Sep 1995 09:18:09 +0200

Sorry to bother you again, but my previous script did an
uncessesary call to "setuid()".
Here's a one without that call, but still it does not cope with
the underlaying problem, it just makes 8lgm's script inoperable.

Yours

Urban Kaveus
LM Ericsson Data AB


/*****************************************************************

   This wrapper program will HOPEFULLY protect you against the
   bug in in loadmodule described by 8lgm.

   Version 1.1: setuid call removed

   Do like this:

   First, let us assume you name this program "wrapper.c" and
   you store it under /usr/openwin/bin.

   Then, execute the following commands as root:

      sunos # cd /usr/openwin/bin
      sunos # mv loadmodule loadmodule.original
      sunos # chmod 700 loadmodule.original
      sunos # cc -o loadmodule wrapper.c
      sunos # chmod 4755 loadmodule

   Now you should have :

      sunos # ls -l loadmodule*
      -rwsr-xr-x  1 root        24576 Sep 15 12:13 loadmodule
      -rwx------  1 root        24576 Jul 24 17:36 loadmodule.original

   Use at own risk !

   Written 1995-09-15 by Urban Kaveus, LM Ericsson Data AB

******************************************************************/

#include <string.h>

main(argc,argv,envp)
     int argc;
     char **argv, **envp;
{
        char **c;

        c=envp;

        while( *c ) {
          if (strncmp(*c,"IFS=",4) == 0 ) {
            (*c)[4] = 0; /* Truncate all instances of IFS ! */
          }
          c++;
        }

/* Run the original version of loadmodule. */

        execve("/usr/openwin/bin/loadmodule.original",
               argv, envp );
}
Previous By Date Next
Previous By Thread Next

Current thread: