Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1998_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1998: Re: SECURITY: redhat, the saga continues..

Re: SECURITY: redhat, the saga continues..

Chris Adams (cadamsRO.COM)
Fri, 3 Jul 1998 13:21:03 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ryan Nichols: "Windows95 Proxy DoS Vulnerabilites"
Previous message: Jim Bourne: "Re: SECURITY: redhat, the saga continues.."
In reply to: twiztah: "SECURITY: redhat, the saga continues.."

Once upon a time, twiztah wrote
> Security problems have been found in dosemu and libtermcap. These security
> problems allow users on your local system to gain root access, and should
> be fixed as soon as possible.

Beware the fix to libtermcap.  Sure, it closes the root hole, but it
also keeps users from running most programs that use libtermcap.

The patch includes

  if(setfsuid(getuid()))
       return NULL;

The setfsuid(getuid()) will always succeed (so the test is not
necessary), but it returns the previous fsuid on success.  That will
only be 0 when the program is setuid-root or being run by root, so for
most programs run by normal users, the call to open the termcap file
fails.

Change the patch to just be

  setfsuid(getuid());

and it will work fine.  The same goes for the setfsgid() call.
--
Chris Adams - cadamsro.com
System Administrator - Renaissance Internet Services
I don't speak for anybody but myself - that's enough trouble.

Next message: Ryan Nichols: "Windows95 Proxy DoS Vulnerabilites"
Previous message: Jim Bourne: "Re: SECURITY: redhat, the saga continues.."
In reply to: twiztah: "SECURITY: redhat, the saga continues.."