Re: SECURITY: redhat, the saga continues..

From: Chris Adams (cadamsat_private)
Date: Fri Jul 03 1998 - 11:21:03 PDT


    Once upon a time, twiztah wrote
    > Security problems have been found in dosemu and libtermcap. These security
    > problems allow users on your local system to gain root access, and should
    > be fixed as soon as possible.
    
    Beware the fix to libtermcap.  Sure, it closes the root hole, but it
    also keeps users from running most programs that use libtermcap.
    
    The patch includes
    
      if(setfsuid(getuid()))
           return NULL;
    
    The setfsuid(getuid()) will always succeed (so the test is not
    necessary), but it returns the previous fsuid on success.  That will
    only be 0 when the program is setuid-root or being run by root, so for
    most programs run by normal users, the call to open the termcap file
    fails.
    
    Change the patch to just be
    
      setfsuid(getuid());
    
    and it will work fine.  The same goes for the setfsgid() call.
    --
    Chris Adams - cadamsat_private
    System Administrator - Renaissance Internet Services
    I don't speak for anybody but myself - that's enough trouble.
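
The return-value behaviour described in the message above, as an added C example for Linux (not part of the original post or of the libtermcap patch; the function names are hypothetical). It goes one step beyond the message by confirming the drop with `setfsuid(-1)`, which returns the current fsuid without changing it.

```c
/* Added example: function names are hypothetical, not libtermcap's. */
#include <stdio.h>
#include <sys/fsuid.h>   /* setfsuid(): Linux-specific */
#include <sys/types.h>
#include <unistd.h>

/* The check as quoted from the patch: a nonzero return value is treated
 * as an error. Returns 1 if the caller would go on to open the termcap
 * file, 0 if it would bail out. */
int patched_check_allows_open(void)
{
    if (setfsuid(getuid()))   /* the return value is the PREVIOUS fsuid */
        return 0;             /* the patch does "return NULL" here */
    return 1;
}

/* Drop the filesystem uid to the real uid without testing the return
 * value of that call, then confirm the result. setfsuid(-1) never
 * changes the fsuid and returns the current one. */
int drop_fsuid_to_ruid(void)
{
    uid_t ruid = getuid();

    setfsuid(ruid);
    return (uid_t)setfsuid((uid_t)-1) == ruid;
}

int main(void)
{
    printf("uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    /* Prints 0 for an ordinary user, 1 for root or a setuid-root binary. */
    printf("patched check allows open: %d\n", patched_check_allows_open());
    printf("verified drop to real uid: %d\n", drop_fsuid_to_ruid());
    return 0;
}
```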
    


