[1105] in linux-security and linux-alert archive
Re: [linux-security] RESOLV_HOST_CONF
daemon@ATHENA.MIT.EDU (route@onyx.infonexus.com)
Wed Aug 28 20:06:34 1996
From: route@onyx.infonexus.com
To: dholland@hcs.HARVARD.EDU (David Holland)
Date: Tue, 27 Aug 1996 18:08:59 -0700 (PDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199608260749.DAA26408@hcs.harvard.edu> from "David Holland" at Aug 26, 96 03:49:14 am
The RESOLV_HOST_CONF exploit fix:
>From the `init_services()` function in inet/gethstnmad.c:
This is where the RESOLV_HOST_CONF environment variable is passed.
if(NULL==(hostconf=getenv(ENV_HOSTCONF))){
hostconf=_PATH_HOSTCONF;
}
All we need to add is some UID checking...
/* If our UID is not equal to our EUID, do not pass the env */
if(!(hostconf=getenv(ENV_HOSTCONF))){
if((getuid()==geteuid()))hostconf=_PATH_HOSTCONF;
}
--
[ route@infonexus.com ] Editor, Phrack Magazine / Guild Corporation Chair
the greatest trick the devil ever pulled was
convincing the world he didn't exist