Once upon a time, twiztah wrote > Security problems have been found in dosemu and libtermcap. These security > problems allow users on your local system to gain root access, and should > be fixed as soon as possible. Beware the fix to libtermcap. Sure, it closes the root hole, but it also keeps users from running most programs that use libtermcap. The patch includes if(setfsuid(getuid())) return NULL; The setfsuid(getuid()) will always succeed (so the test is not necessary), but it returns the previous fsuid on success. That will only be 0 when the program is setuid-root or being run by root, so for most programs run by normal users, the call to open the termcap file fails. Change the patch to just be setfsuid(getuid()); and it will work fine. The same goes for the setfsgid() call. -- Chris Adams - cadamsat_private System Administrator - Renaissance Internet Services I don't speak for anybody but myself - that's enough trouble.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:02:01 PDT