Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995

casperHOLLAND.SUN.COM

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Darrell Fuhriman: "Random seed (fwd)"
• Previous message: Anthony J. Stuckey: "Re: your mail"
• In reply to: Pat The Friendly RedNeck: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
• Next in thread: Sten Gunterberg: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"

>I wonder if there is any element of protection by having the sendmail
>daemon running only on machines that have no user accounts (all passwd
>entries have '*' for the passwd field, except for systems staff, of course)?
>All other machines having sendmail NOT running as a daemon, and the SUID
>bit turned off (because it doesn't do local delivery)...

No.  The attak  can be executed over the net.  Since sendmail
runs as root in daemon mode, breakins can be made on systems w/o
user accoutns or whatnot.

>I suspect that when the patch is out, it will be a libc patch, or at
>least a new module to replace one in libc, not a patch to sendmail,
>syslogd, or other utils...  Thats how I am thinking of fixing it, if
>the patch is not forthcoming soon... replacing the syslog.o module in
>libc.a and libc.so.??? (so statically linked stuff subsequently built
>won't be vulnerable, too)?  I take it that Suns syslog() function doesn't
>do anything undocumented and wierd...

Fixing libc.so will fix all dynamically linked programs.
Those of you who have a statically linked sendmail, will
need to relink it after upgrading libc.a (the static libc)


Casper

• Next message: Darrell Fuhriman: "Random seed (fwd)"
• Previous message: Anthony J. Stuckey: "Re: your mail"
• In reply to: Pat The Friendly RedNeck: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"
• Next in thread: Sten Gunterberg: "Re: [8lgm]-Advisory-22.UNIX.syslog.2-Aug-1995"