Re: SECURITY: redhat, the saga continues..
Jim Bourne (jbourne HARDROCK.ORG)
Thu, 2 Jul 1998 23:29:10 -0700
- Next message: Chris Adams: "Re: SECURITY: redhat, the saga continues.."
- Previous message: Jeff Forristal: "Followup to MetaInfo vulnerabilities"
- In reply to: twiztah: "SECURITY: redhat, the saga continues.."
- Next in thread: Chris Adams: "Re: SECURITY: redhat, the saga continues.."
On Thu, 2 Jul 1998, twiztah wrote:

> Security problems have been found in dosemu and libtermcap. These security
> problems allow users on your local system to gain root access, and should
> be fixed as soon as possible.
>

Under redhat 4.2 running both libc-5.3.12 and libc-5.4.44 the termcap-2.0.8-setuid.patch I believe was incorrect and will cause any program using libtermcap to fail if the user is not root. I corrected the patch to work on our systems; if this is incorrect, please correct me :)

Regards,
Jim

--- termcap-2.0.8/termcap.c~ Tue Apr 16 04:23:23 1996 +++ termcap-2.0.8/termcap.c Thu Jul 2 23:26:54 1998-366,8 +366,18
printf("Using file %s\n", tc_file); #endif + if(setfsuid(getuid()) != getuid()) + return NULL; + if(setfsgid(getgid()) != getgid()) + return NULL; /* Now read the termcap file. */ - if ((fp = fopen(tc_file, "r")) == NULL) return(NULL); + fp = fopen(tc_file, "r"); + + setfsuid(geteuid()); + setfsgid(getegid()); + + if(fp==NULL) + return(NULL); while(term) { if (++loop > 16) {

--
James Bourne | Email: jbourne hardrock.org
No. 2 Harbourview Ventures Ltd. | WWW: http://www.hardrock.org/
Everything Unix | Linux-The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration
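
Review bot: the two guards added before the fopen(), `if(setfsuid(getuid()) != getuid())` and `if(setfsgid(getgid()) != getgid())`, compare the wrong value. On Linux, setfsuid() and setfsgid() return the previous filesystem ID, not the one just set, so in a setuid program run by an ordinary user the first call returns the old effective uid, the comparison is unequal, and the function returns NULL before the termcap file is ever opened, which is the case this change is meant to handle. Suggest making the switch first and then confirming it with a second call, whose return value is the ID now in effect, before calling fopen(). Two smaller points in the same hunk: if the setfsgid() guard returns NULL after the setfsuid() call has taken effect, the fsuid is left at the real uid, so both IDs should be restored on that path as they are after fopen(); and the restore with `setfsuid(geteuid())` and `setfsgid(getegid())` assumes the filesystem IDs equalled the effective IDs on entry, where saving the values returned by the first calls and restoring those would be exact.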