[1208] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] libc 5.4.7

daemon@ATHENA.MIT.EDU (Jauder Ho)
Sat Oct 12 07:41:21 1996

Date: Wed, 9 Oct 1996 12:37:45 -0700 (PDT)
From: Jauder Ho <jauderho@netcom.com>
To: David Holland <dholland@eecs.harvard.edu>
Cc: Florian La Roche <florian@jurix.jura.uni-sb.de>, potato@dsnet.com,
        linux-gcc@vger.rutgers.edu, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199610091830.OAA15904@burgundy.eecs.harvard.edu>


	5.4.8 is totally buggy for me. I am unable to compile anything
with it. I get a bunch of undefined stuff. I think putshort is one of
them.. just try compiling a hello.c with 5.4.8 There is a need to fix this
and others so that we have a decent working libc. 5.4.7 is pretty stable
but is pretty stable stable enough. Besides the 5.4.x series of libcs
crashes netscape if it runs java and occasionally causes netscape to croak
without reason. 

--Jauder

On Wed, 9 Oct 1996, David Holland wrote:

>  > >  > Ahhhh, RESOLV_HOST_CONF is fixed in 5.4.7 eh? well, i fixed it with a
>  > >  > PATCH for 1.8.2..... so, thats no prob ;>
>  > > 
>  > > I should point out that this is by no means the only security problem
>  > > fixed in 5.4.7 - there are a number of others, at least one of which
>  > > can possibly permit anyone anywhere on the net to get a root shell,
>  > > and several where users can get root shells.
>  > > 
>  > > RESOLV_HOST_CONF isn't the only environment variable referenced by
>  > > libc - nor is it the least dangerous one. You need to update to libc
>  > > 5.4.6 or higher (that protects environment vars in setuid programs)
>  > > and install the telnetd from NetKit-B-0.08 or equivalent, to protect
>  > > against having these things sent via telnet.
>  > > 
>  > > I am not going to post a complete catalog of the problems at this
>  > > time, but I advise strongly against complacency or assuming a
>  > > home-grown RESOLV_HOST_CONF patch is sufficient.
>  > 
>  > The RESOLV_HOST_CONV Bug can be deleted by a small change in the loader
>  > that just deleted that environment-variable for suid programs.
> 
> Reread the part of my previous message you just quoted -
> RESOLV_HOST_CONF is *not* the only problem. 
> 
>  > Is 5.4.7 really enough bug-free to push people using it? I saw YP
>  > fixes mentioned in the 5.4.8 changelog. Is 5.4.7 still usable? (Haven't
>  > looked at the changes.)
> 
> It better be. It's already been two months since this problem was
> discovered; it's high time the fixes were available. I made it pretty
> clear to HJ that we needed a working release, and I bloody well hope
> we have it 'cause we've got to use it.
> 
>  > What bug-reports did you get for NetKit-B 0.08? I have just found
>  > a bug in telnet, that closes the connection if telnet gets a return
>  > value of <=0 Bytes instead of just checking for <0.
>  > ("telnet somewhere; cat file" will sometimes trigger this bug)
> 
> A number. NetKit-B-0.09 would be out already if I had more time to
> finish it off.
> 
> I think I have that one fixed, but just in case could you send me the
> line numbers?
> 
>  > I think, we should take some more time and not start pushing people...
> 
> It's been two months. You can read any file trivially on an unpatched
> Slackware system without logging in. You can get a root shell with a
> bit more effort. This is not acceptable.
> 
> -- 
>    - David A. Holland             |    VINO project home page:
>      dholland@eecs.harvard.edu    | http://www.eecs.harvard.edu/vino
> 


			.sig under construction

home help back first fref pref prev next nref lref last post