Novell security advisory on sadc, urestore and the suid_exec feature
daemon@ATHENA.MIT.EDU (Marcel-Franck Simon)
Sat Dec 10 00:08:31 1994
From: mingus@summit.novell.com (Marcel-Franck Simon)
To: bugtraq@fc.net
Date: Fri, 9 Dec 1994 14:55 EST
I am posting this on behalf of Novell Technical Support. Please contact
them directly if you have any questions; if you must reply to me, I
will forward.
=======================================================================
Recently, there were three security advisories posted on the
"net" associated with several versions of the Unix Operating System.
These advisories are related to the following:
    /usr/lib/sa/sadc      The command is sgid-on-exec to "sys".
    /usr/sbin/urestore    The command is suid-on-exec to "root".
    suid_exec feature     This pertains to "ksh".
One of the operating system versions affected was the UnixWare 1.1
product distributed by Novell, Inc. Listed below are the results of
the investigation that took place concerning the affected binaries:
With respect to the "sadc" problem, the "sadc" binary in the
UnixWare 1.1 product has been modified such that it no longer
poses a security threat.
This modification is provided as PTF683 and is available from
Novell Technical Support at (800) 486-4835.
With respect to the "urestore" problem, this requires an attribute
modification to remove the suid-on-exec bit. The functionality of
"urestore" should remain unchanged. This modification is also
included in PTF683.
The last advisory, suid_exec for ksh, does not apply to the version
of "ksh" supplied with the UnixWare 1.1 product.
This advisory relates to a feature in "ksh" that allows for the
execution of suid-on-exec shell scripts. Since the UnixWare 1.1
product provides this capability in the exec(2) system call in
the kernel, the UnixWare 1.1 product does not need to set that
compile-time define when building "ksh" to achieve this capability,
and has not done so since SVR4.0.
Novell, Inc. has sent source fixes to all SVR4.0, SVR4.2, and SVR4.2MP
OEM customers for both the "sadc" and "urestore" advisories. These vendors
should be making them available to licensees of their SVR4.X-based operating
systems. If you are using any of the versions mentioned above, you should
contact the appropriate vendor to obtain their official update.
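The following is an added example, not part of the Novell advisory or of the
PTF: a small portable sh audit for the two conditions the advisory describes
(a file that is suid-on-exec, like the shipped urestore, or sgid-on-exec, like
the shipped sadc), together with the "attribute modification" it describes for
urestore, i.e. clearing the set-id bit. The function names are hypothetical and
the files under the scratch directory are constructed for the demo; on a real
system the same list_setid function would be run over / to confirm that an
update actually removed the bit.

```sh
# Added example (not Novell's code). Audits and clears set-id bits with
# POSIX sh, test(1), find(1) and chmod(1) only. Function names are hypothetical.

# setid_status PATH  -> prints "suid", "sgid", "suid sgid" or "none"
setid_status() {
    _out=""
    if [ -u "$1" ]; then             # test -u: set-user-ID bit (suid-on-exec)
        _out="suid"
    fi
    if [ -g "$1" ]; then             # test -g: set-group-ID bit (sgid-on-exec)
        _out="${_out:+$_out }sgid"
    fi
    printf '%s\n' "${_out:-none}"
}

# list_setid DIR  -> every regular file under DIR carrying either bit;
# "-perm -4000" matches files with at least the setuid bit, "-2000" setgid.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# strip_setid PATH  -> the remediation the advisory describes for urestore:
# clear both set-id bits and leave the rest of the mode untouched, so the
# program still runs, just with the caller's own identity.
strip_setid() {
    chmod u-s,g-s "$1"
}

# Stand-alone demo on constructed files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/urestore" && chmod 4755 "$d/urestore"   # constructed: suid-on-exec
    : > "$d/sadc"     && chmod 2755 "$d/sadc"       # constructed: sgid-on-exec
    : > "$d/plain"    && chmod 0755 "$d/plain"      # constructed: no set-id bit
    echo "set-id files before:"
    list_setid "$d"
    strip_setid "$d/urestore"
    echo "set-id files after strip_setid on urestore:"
    list_setid "$d"
    echo "urestore status now: $(setid_status "$d/urestore")"
    rm -rf "$d"
}

demo
```

Note that clearing the bit (as PTF683 does for urestore) and fixing the binary
(as PTF683 does for sadc) are different remedies: the first is a one-line chmod
an administrator can apply and verify immediately with the check above, the
second needs the vendor's replacement binary, since the program must keep
running with group "sys".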