[2239] in bugtraq
Re: load.root (loadmodule hole)
daemon@ATHENA.MIT.EDU (Urban)
Fri Sep 15 13:52:06 1995
Date: Fri, 15 Sep 1995 15:44:04 +0200
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Urban <Urban.Kaveus@edt.ericsson.se>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199509151054.GAA14556@Collatz.McRCIM.McGill.EDU>
/*****************************************************************
This wrapper program will HOPEFULLY protect you against the
bug in loadmodule described by 8lgm.

Do like this:

First, let us assume you name this program "wrapper.c" and
you store it under /usr/openwin/bin.

Then, execute the following commands as root:

    sunos # cd /usr/openwin/bin
    sunos # mv loadmodule loadmodule.original
    sunos # chmod 700 loadmodule.original
    sunos # cc -o loadmodule wrapper.c
    sunos # chmod 4755 loadmodule

Now you should have:

    sunos # ls -l loadmodule*
    -rwsr-xr-x 1 root 24576 Sep 15 12:13 loadmodule
    -rwx------ 1 root 24576 Jul 24 17:36 loadmodule.original

Use at own risk !
Written 1995-09-15 by Urban Kaveus, LM Ericsson Data AB
******************************************************************/
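#include <stdio.h>
#include <string.h>
#include <unistd.h>

int main(argc,argv,envp)
int argc;
char **argv, **envp;
{
    char **c;

    /* Walk the inherited environment looking for IFS settings. */
    c=envp;
    while( *c ) {
        if (strncmp(*c,"IFS=",4) == 0 ) {
            (*c)[4] = 0; /* Truncate all instances of IFS ! */
        }
        c++;
    }

    /* Become root and run the original version of loadmodule. */
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    execve("/usr/openwin/bin/loadmodule.original",
           argv, envp );

    /* execve only returns on failure. */
    perror("execve");
    return 1;
}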
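
Added example, not part of the original post: the same wrapper idea generalized from blanking IFS to building a fresh environment from an allowlist, so that only named variables reach the set-uid program. The function name `build_clean_env`, the `keep` list, `MAX_ENV` and the fixed PATH value are assumptions chosen for illustration; the target path is the one used in the post.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TARGET  "/usr/openwin/bin/loadmodule.original" /* path from the post */
#define MAX_ENV 16                                     /* assumed upper bound */

/* Variables passed through unchanged (constructed allowlist; adjust per site). */
static const char *const keep[] = { "DISPLAY=", "TERM=", "TZ=", NULL };

/* Fill out[] with a fixed PATH and IFS, then the first instance of each
   allowlisted variable found in envp. Everything else is dropped.
   max must be at least 3. Returns the entry count, excluding the NULL. */
int build_clean_env(char **envp, char **out, int max)
{
    int n = 0, i;
    char **e;

    out[n++] = "PATH=/usr/bin:/bin";  /* assumed safe search path */
    out[n++] = "IFS= \t\n";           /* default separators: space, tab, newline */
    for (i = 0; keep[i] && n < max - 1; i++) {
        size_t len = strlen(keep[i]);
        for (e = envp; e && *e; e++) {
            if (strncmp(*e, keep[i], len) == 0) {
                out[n++] = *e;
                break;                /* first instance only; duplicates dropped */
            }
        }
    }
    out[n] = NULL;
    return n;
}

int main(int argc, char **argv, char **envp)
{
    char *clean[MAX_ENV];

    (void)argc;
    build_clean_env(envp, clean, MAX_ENV);
    if (setuid(0) != 0) {
        perror("setuid");
        return 1;
    }
    execve(TARGET, argv, clean);
    perror("execve");                 /* reached only if execve failed */
    return 127;
}
```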