[7166] in bugtraq
Re: SECURITY: redhat, the saga continues..
daemon@ATHENA.MIT.EDU (Jim Bourne)
Mon Jul 6 17:46:38 1998
Date: Thu, 2 Jul 1998 23:29:10 -0700
Reply-To: Jim Bourne <jbourne@HARDROCK.ORG>
From: Jim Bourne <jbourne@HARDROCK.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.96.980702210441.19297A-100000@ANARCHY.MAXHO.COM>
On Thu, 2 Jul 1998, twiztah wrote:
> Security problems have been found in dosemu and libtermcap. These security
> problems allow users on your local system to gain root access, and should
> be fixed as soon as possible.
>
Under redhat 4.2 running both libc-5.3.12 and libc-5.4.44 the
termcap-2.0.8-setuid.patch I believe was incorrect and will cause any
program using libtermcap to fail if the user is not root.
I corrected the patch to work on our systems; if this is incorrect, please
correct me :)
Regards,
Jim
--- termcap-2.0.8/termcap.c~ Tue Apr 16 04:23:23 1996
+++ termcap-2.0.8/termcap.c Thu Jul 2 23:26:54 1998
@@ -366,8 +366,18 @@
printf("Using file %s\n", tc_file);
#endif
+ if(setfsuid(getuid()) != getuid())
+ return NULL;
+ if(setfsgid(getgid()) != getgid())
+ return NULL;
/* Now read the termcap file. */
- if ((fp = fopen(tc_file, "r")) == NULL) return(NULL);
+ fp = fopen(tc_file, "r");
+
+ setfsuid(geteuid());
+ setfsgid(getegid());
+
+ if(fp==NULL)
+ return(NULL);
while(term) {
if (++loop > 16) {
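Review bot: The test `if(setfsuid(getuid()) != getuid())` at the top of the added lines compares the wrong value. On Linux, setfsuid() returns the previous filesystem uid whether or not the change took effect. In a set-uid program the previous fsuid is the effective uid, which differs from getuid(), so this path returns NULL even when the switch succeeded. In a program that is not set-uid the test passes without proving anything. The setfsgid() test has the same problem. Suggest making the call, then confirming it with a second call such as setfsuid(-1), which changes nothing and returns the current value, and comparing that result to getuid(). Two smaller points: when the setfsgid() test fails, the function returns with the fsuid still switched and never restored, and the restoring calls `setfsuid(geteuid());` and `setfsgid(getegid());` are not verified either.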
--
James Bourne | Email: jbourne@hardrock.org
No. 2 Harbourview Ventures Ltd. | WWW: http://www.hardrock.org/
Everything Unix | Linux-The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration