[2278] in bugtraq


Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Sep 29 00:22:47 1995

Date:         Mon, 25 Sep 1995 18:32:05 +0100
Reply-To: Bugtraq List <BUGTRAQ@crimelab.com>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To:         Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@crimelab.com>
In-Reply-To:  Your message of "Fri, 22 Sep 1995 10:43:50 PDT."
              <199509221743.KAA08050@pit.wolfe.net>

>I wonder if there is any element of protection by having the sendmail
>daemon running only on machines that have no user accounts (all passwd
>entries have '*' for the passwd field, except for systems staff, of course)?
>All other machines having sendmail NOT running as a daemon, and the SUID
>bit turned off (because it doesn't do local delivery)...

No.  The attack can be executed over the net.  Since sendmail
runs as root in daemon mode, breakins can be made on systems w/o
user accounts or whatnot.

>I suspect that when the patch is out, it will be a libc patch, or at
>least a new module to replace one in libc, not a patch to sendmail,
>syslogd, or other utils...  That's how I am thinking of fixing it, if
>the patch is not forthcoming soon... replacing the syslog.o module in
>libc.a and libc.so.??? (so statically linked stuff subsequently built
>won't be vulnerable, too)?  I take it that Sun's syslog() function doesn't
>do anything undocumented and weird...

Fixing libc.so will fix all dynamically linked programs.
Those of you who have a statically linked sendmail will
need to relink it after upgrading libc.a (the static libc).


Casper
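
The dynamic/static distinction drawn in the reply above can be checked per binary. The following is an added example, not part of the original message or of any vendor tooling: it assumes ELF executables (other object formats are reported as `not-elf`), and the function names and sample images are constructed for illustration.

```python
import struct
import sys

PT_INTERP = 3  # program header naming the run-time loader (ld.so)

def elf_linkage(data):
    """Classify an ELF executable image: 'dynamic', 'static' or 'not-elf'."""
    if len(data) < 6 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return "not-elf"
    end = "<" if data[5] == 1 else ">"          # EI_DATA: 1 = little, 2 = big endian
    try:
        if data[4] == 1:                         # EI_CLASS 1 = ELF32
            (phoff,) = struct.unpack_from(end + "I", data, 28)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
        else:                                    # EI_CLASS 2 = ELF64
            (phoff,) = struct.unpack_from(end + "Q", data, 32)
            phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
        # p_type is the first 32-bit word of every program header in both classes.
        types = {struct.unpack_from(end + "I", data, phoff + i * phentsize)[0]
                 for i in range(phnum)}
    except (struct.error, OverflowError):
        return "not-elf"                         # truncated or corrupt headers
    # Only PT_INTERP is tested: a static-PIE binary carries PT_DYNAMIC but
    # still has libc linked in, so it needs a relink as well.
    return "dynamic" if PT_INTERP in types else "static"

def needs_relink(images):
    """Names of images that embed their own libc copy (name -> bytes mapping)."""
    return sorted(n for n, d in images.items() if elf_linkage(d) == "static")

def sample_elf64(ptypes):
    """Constructed sample: ELF64 little-endian header plus bare program headers."""
    hdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in ptypes)

if __name__ == "__main__":
    if len(sys.argv) > 1:                        # real files given on the command line
        images = {p: open(p, "rb").read() for p in sys.argv[1:]}
    else:                                        # constructed demo input
        images = {"sendmail.dynamic": sample_elf64([6, 3, 1, 2]),
                  "sendmail.static": sample_elf64([1, 1]),
                  "sendmail.static-pie": sample_elf64([1, 2])}
    for name in needs_relink(images):
        print("relink after libc.a upgrade:", name)
```

Binaries reported as `dynamic` pick up the corrected syslog() the next time they start after libc.so is replaced; already-running daemons keep the old mapping until restarted.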
