Re: IRIX /var/inst/patchbase
Alain Renaud (renauda SGI.COM)
Sat, 25 Oct 1997 09:28:07 -0400
- In reply to: Paul Tatarsky: "IRIX /var/inst/patchbase"
The patchbase directory is always 700; the only way to change that is to do
it by hand. So I don't see this as a major issue... The reason the patchbase
directory exists is to be able to remove a patch after it's been installed.
If you feel there is an issue you can always do

    cd /var/inst/patchbase
    rm -rf .

This will only prevent you from removing the patch you installed....

Hope this helps.

____________________________________________________________________
Alain Renaud                                        renaudasgi.com
Region Technical Analyst
Silicon Graphics Cray Research Inc.

"Have a nice day! ... Unless you have other plans ...."
____________________________________________________________________

On Thu, 23 Oct 1997, Paul Tatarsky wrote:

> I checked to see if this had been brought up before on Bugtraq, if it
> has been, I apologize. Didn't see it in the archive.
>
> Has anyone ever noticed that the IRIX inst patch installs hide away
> a copy of the patched binary in /var/inst/patchbase?
>
> While fine I guess for some things where a rollback might be needed, I
> also noticed that the various setuid buffer overrun binaries that we
> patched are saved away with the setuid bits retained.
>
> For example (as root):
>
> cd /var/inst/patchbase/usr/bsd
> ls -al ordist
> -rwsr-xr-x 1 root sys 79208 Sep 1 15:42 ordist*
>
> Now, while so far I haven't found /var/inst/patchbase directory
> permissions set to anything but root owner, mode 700, I wonder if that
> is just thanks to the umask when the inst program is first run? Does
> anyone have a world/group readable /var/inst/patchbase? Because if
> you do, you could still have a problem.
>
> We are now considering adding this step to adding a patch that is for
> setuid buffer overflow style problems in IRIX.
>
> versions removehist patchSGxxxxxxx
>
> That cleans up the stored patchbase items according to the README's.
> I don't know if that creates any other problems in installing future
> patches. Of course you could always remove the setuid bit as well.
>
> I'd be curious if other vendors store away patched binaries setuid
> like that. Doesn't seem like a real good idea.
>
> --------------------------------------------------------------------
> Paul Tatarsky                                     paul cse.ucsc.edu
> UC Santa Cruz
> CE/CIS Systems Manager
> --------------------------------------------------------------------
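The two conditions the thread turns on are checkable with a short audit: is the patchbase directory still root-only (mode 700), and do the saved copies under it still carry setuid/setgid bits? The script below is an added example written for this archive page, not code from either poster or from SGI's inst. It takes any directory path (the IRIX location discussed above is /var/inst/patchbase), reports both conditions, and implements the "remove the setuid bit" option Paul mentions by clearing the bits on the saved copies only. The sample tree it builds under a temporary directory is constructed for the demo and mirrors the quoted ls output (usr/bsd/ordist with mode 4755).

```shell
#!/bin/sh
# Added example, not from the original thread: audit a patchbase-style
# directory for (a) permission bits looser than owner-only and (b) saved
# binaries that retain setuid/setgid, then strip those bits from the copies.
# Any path may be passed; /var/inst/patchbase is the IRIX location discussed.

# 0 if the directory's permission bits are exactly rwx------, 1 otherwise.
# ls -ld is used instead of stat because stat's flags differ across systems.
patchbase_mode_ok() {
    perms=$(ls -ld "$1" | cut -c2-10)
    [ "$perms" = "rwx------" ]
}

# Regular files under the directory with the setuid or setgid bit set.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# How many such files there are; an audit would alert when this is non-zero
# and the directory can be read by anyone other than its owner.
count_setid_files() {
    list_setid_files "$1" | wc -l | tr -d ' '
}

# Clear setuid/setgid on every saved copy. The files stay in place, so a
# later rollback still has them; they just no longer run with extra rights.
strip_setid_bits() {
    list_setid_files "$1" | while IFS= read -r f; do
        chmod u-s,g-s "$f"
    done
}

# Constructed sample tree standing in for /var/inst/patchbase: one saved
# copy of usr/bsd/ordist with mode 4755, as in the ls output in the report.
build_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/patchbase/usr/bsd"
    printf '#!/bin/sh\necho stub\n' > "$root/patchbase/usr/bsd/ordist"
    chmod 4755 "$root/patchbase/usr/bsd/ordist"
    chmod 700 "$root/patchbase"
    echo "$root/patchbase"
}

# Human-readable summary of both checks for one directory.
audit_report() {
    dir="$1"
    if patchbase_mode_ok "$dir"; then
        echo "$dir: mode 700 (owner only)"
    else
        echo "$dir: WARNING, directory readable beyond its owner"
    fi
    echo "setuid/setgid files retained under $dir: $(count_setid_files "$dir")"
    list_setid_files "$dir"
}

# Stand-alone run: audit the constructed tree, strip the bits, audit again.
sample=$(build_sample_tree)
audit_report "$sample"
strip_setid_bits "$sample"
audit_report "$sample"
rm -rf "$sample"
```

On a real system you would run audit_report against /var/inst/patchbase as root and decide between stripping the bits and using `versions removehist` as the thread describes; the script only touches files under the directory you name.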