[1196] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] libc 5.4.7

daemon@ATHENA.MIT.EDU (David Holland)
Mon Oct 7 02:52:32 1996

From: David Holland <dholland@eecs.harvard.edu>
To: potato@dsnet.com (Rob Glover)
Date: Sun, 6 Oct 1996 17:03:21 -0400 (EDT)
Cc: dholland@eecs.harvard.edu, potato@dsnet.com, linux-gcc@vger.rutgers.edu,
        linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.95.961006113702.391A-100000@dial-cup1-19.iway.aimnet.com> from "Rob Glover" at Oct 6, 96 11:37:33 am

 > Ahhhh, RESOLV_HOST_CONF is fixed in 5.4.7 eh? well, i fixed it with a
 > PATCH for 1.8.2..... so, thats no prob ;>

I should point out that this is by no means the only security problem
fixed in 5.4.7 - there are a number of others, at least one of which
can possibly permit anyone anywhere on the net to get a root shell,
and several where users can get root shells.

RESOLV_HOST_CONF isn't the only environment variable referenced by
libc - nor is it the least dangerous one. You need to update to libc
5.4.6 or higher (that protects environment vars in setuid programs)
and install the telnetd from NetKit-B-0.08 or equivalent, to protect
against having these things sent via telnet.

I am not going to post a complete catalog of the problems at this
time, but I advise strongly against complacency or assuming a
home-grown RESOLV_HOST_CONF patch is sufficient.

-- 
   - David A. Holland             |    VINO project home page:
     dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino

home help back first fref pref prev next nref lref last post