Bugtraq mailing list archives
Re: load.root (loadmodule hole)
From: Urban.Kaveus () edt ericsson se (Urban)
Date: Mon, 18 Sep 1995 09:18:09 +0200
Sorry to bother you again, but my previous script did an uncessesary call to "setuid()". Here's a one without that call, but still it does not cope with the underlaying problem, it just makes 8lgm's script inoperable. Yours Urban Kaveus LM Ericsson Data AB /***************************************************************** This wrapper program will HOPEFULLY protect you against the bug in in loadmodule described by 8lgm. Version 1.1: setuid call removed Do like this: First, let us assume you name this program "wrapper.c" and you store it under /usr/openwin/bin. Then, execute the following commands as root: sunos # cd /usr/openwin/bin sunos # mv loadmodule loadmodule.original sunos # chmod 700 loadmodule.original sunos # cc -o loadmodule wrapper.c sunos # chmod 4755 loadmodule Now you should have : sunos # ls -l loadmodule* -rwsr-xr-x 1 root 24576 Sep 15 12:13 loadmodule -rwx------ 1 root 24576 Jul 24 17:36 loadmodule.original Use at own risk ! Written 1995-09-15 by Urban Kaveus, LM Ericsson Data AB ******************************************************************/ #include <string.h> main(argc,argv,envp) int argc; char **argv, **envp; { char **c; c=envp; while( *c ) { if (strncmp(*c,"IFS=",4) == 0 ) { (*c)[4] = 0; /* Truncate all instances of IFS ! */ } c++; } /* Run the original version of loadmodule. */ execve("/usr/openwin/bin/loadmodule.original", argv, envp ); }
Current thread:
- load.root (loadmodule hole) der Mouse (Sep 15)
- Re: load.root (loadmodule hole) Urban (Sep 15)
- Re: load.root (loadmodule hole) Fred Blonder (Sep 15)
- Re: load.root (loadmodule hole) Pat The Friendly RedNeck (Sep 15)
- Re: load.root (loadmodule hole) Urban (Sep 18)
- INN1.4sec on Linux Olaf Kirch (Sep 18)
- Re: INN1.4sec on Linux Dave Barr (Sep 25)
- Re: load.root (loadmodule hole) Fred Blonder (Sep 15)
- <Possible follow-ups>
- Re: load.root (loadmodule hole) Brad Powell (Sep 15)
- Re: load.root (loadmodule hole) Karl Strickland (Sep 17)
- Re: load.root (loadmodule hole) Casper Dik (Sep 26)
- Re: load.root (loadmodule hole) Brad Powell (Sep 16)
- Re: load.root (loadmodule hole) Dave Mitchell (Sep 18)
- Re: load.root (loadmodule hole) Urban (Sep 15)