Re: SECURITY: redhat, the saga continues..

From: Jim Bourne (jbourneat_private)
Date: Thu Jul 02 1998 - 23:29:10 PDT


    On Thu, 2 Jul 1998, twiztah wrote:
    
    > Security problems have been found in dosemu and libtermcap. These security
    > problems allow users on your local system to gain root access, and should
    > be fixed as soon as possible.
    >
    
    Under redhat 4.2 running both libc-5.3.12 and libc-5.4.44 the
    termcap-2.0.8-setuid.patch I believe was incorrect and will cause any
    program using libtermcap to fail if the user is not root.
    
    I corrected the patch to work on our systems; if this is incorrect,
    please correct me :)
    
    Regards,
    Jim
    
    --- termcap-2.0.8/termcap.c~    Tue Apr 16 04:23:23 1996
    +++ termcap-2.0.8/termcap.c     Thu Jul  2 23:26:54 1998
    @@ -366,8 +366,18 @@
       printf("Using file %s\n", tc_file);
     #endif
    
    +  if(setfsuid(getuid()) != getuid())
    +       return NULL;
    +  if(setfsgid(getgid()) != getgid())
    +       return NULL;
       /* Now read the termcap file. */
    -  if ((fp = fopen(tc_file, "r")) == NULL) return(NULL);
    +  fp = fopen(tc_file, "r");
    +
    +  setfsuid(geteuid());
    +  setfsgid(getegid());
    +
    +  if(fp==NULL)
    +         return(NULL);
    
       while(term) {
            if (++loop > 16) {
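
Review bot: The checks `if(setfsuid(getuid()) != getuid())` and `if(setfsgid(getgid()) != getgid())` at the top of the hunk do not test whether the switch worked, because on Linux setfsuid() and setfsgid() return the previous filesystem ID whether or not the call succeeded. The comparison is therefore between the old fsuid/fsgid and the real ID: it passes when they were already equal, and in a set-uid binary run by another user (old fsuid equal to the effective uid) it takes the `return NULL` path even when the change went through. To verify the switch, make a second call and compare its return value, which is then the current ID, against getuid() or getgid(). Both early `return NULL` paths also leave without the `setfsuid(geteuid()); setfsgid(getegid());` restore that follows fopen(), so a failure at the setfsgid check returns to the caller with the fsuid still changed; restore on those paths as well.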
    
    
    --
    James Bourne                    | Email:          jbourneat_private
    No. 2 Harbourview Ventures Ltd. | WWW:        http://www.hardrock.org/
    Everything Unix                 | Linux-The choice of a GNU generation
    ----------------------------------------------------------------------
    Unix System Administration, System programming, Network Administration
    


