Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: another /usr/dt/bin/dtappgather feature!

Re: another /usr/dt/bin/dtappgather feature!

Mike Iglesias (iglesiasDRACO.ACS.UCI.EDU)
Thu, 5 Nov 1998 09:26:19 -0800

For those of you using Digital Unix, here's what I've found so far
about the dtappgather bug...

The patch in 4.0D patch kit 2 fixes the part of the bug that changes
the ownership of any file to the user running dtappgather, but it does
*NOT* fix the part that changes the protection on the file.  For
example, when I tried it using /etc/passwd as the target, the owner
stayed the same but the protection changed from 644 to 555.  This is
still a problem, in that you can get read access to any file on the
system.

I checked patch kit 8 for 4.0B, and it behaves the same as the patched 4.0D
dtappgather.

I still suggest turning off the suid bit on dtappgather until we
get a fix from Digital.  I have reported this to Digital.


Mike Iglesias                        Internet:    iglesiasdraco.acs.uci.edu
University of California, Irvine     phone:       949-824-6926
Office of Academic Computing         FAX:         949-824-2069
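
One way to apply and audit the workaround suggested in the message above, as an added example that is not part of the original post: it clears the set-user-ID bit on a binary and reports files whose permission bits have changed from a recorded value, such as the 644 to 555 change described. The function names and the baseline file format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# baseline format "<octal-mode> <path>" are assumptions made for illustration.

# is_setuid PATH: succeed if PATH is a regular file with the set-user-ID bit.
is_setuid() {
    [ -n "$(find "$1" -prune -type f -perm -4000 2>/dev/null)" ]
}

# drop_setuid PATH: clear the set-user-ID bit if present and say what was done.
drop_setuid() {
    if is_setuid "$1"; then
        chmod u-s "$1" && echo "cleared setuid: $1"
    else
        echo "not setuid: $1"
    fi
}

# mode_drift BASELINE: print every listed file whose permission bits no longer
# match the recorded octal mode (e.g. 644 becoming 555); return 1 on any drift.
mode_drift() {
    drift=0
    while read -r mode path; do
        case "$mode" in ''|'#'*) continue ;; esac
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            drift=1
        elif [ -z "$(find "$path" -prune -perm "$mode" 2>/dev/null)" ]; then
            # ls -ld shows the current mode string; keep the first 10 columns.
            echo "DRIFT $path expected=$mode actual=$(ls -ld "$path" | cut -c1-10)"
            drift=1
        fi
    done < "$1"
    return "$drift"
}

# Usage on an affected host, as root (baseline path is a placeholder):
#   drop_setuid /usr/dt/bin/dtappgather
#   mode_drift /path/to/baseline.txt
```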