Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Novell security advisory on sadc, urestore and the suid_exec feature

From: mingus () summit novell com (Marcel-Franck Simon)
Date: Fri, 9 Dec 1994 14:55 EST

I am posting this on behalf of Novell Technical Support. Please contact
them directly if you have any questions; if you must reply to me, I
will forward.

=======================================================================

Recently, there were three security advisories posted on the
"net" associated with several versions of the Unix Operating System.
These advisories are related to the following:

        /usr/lib/sa/sadc        The command is sgid-on-exec to "sys"

        /usr/sbin/urestore      The command is suid-on-exec to "root"

        suid_exec feature       This pertains to "ksh".

One of the operating system versions affected was the UnixWare 1.1
product distributed by Novell, Inc.  Listed below are the results of
the investigation that took place concerning the affected binaries:

        With respect to the "sadc" problem, the "sadc" binary in the
        UnixWare 1.1 product has been modified such that it no longer
        poses a security threat.
        
        This modification is provided as PTF683 and is available from
        Novell Technical Support at (800) 486-4835.
        
        With respect to the "urestore" problem, this requires an attribute
        modification to remove the suid-on-exec bit.  The functionality of
        "urestore" should remain unchanged.  This modification is also
        included in PTF683.
        
        The last advisory, suid_exec for ksh, does not apply to the version
        of "ksh" supplied with the UnixWare 1.1 product.
        
        This advisory relates to a feature in "ksh" that allows for the
        execution of suid-on-exec shell scripts.  Since the UnixWare 1.1
        product provides this capability in the exec(2) system call in
        the kernel, the UnixWare 1.1 product does not need to set that
        DEFINE value when compiling "ksh" to achieve this capability and
        hasn't since SVR4.0.

Novell, Inc. has sent source fixes to all SVR4.0, SVR4.2, and SVR4.2MP
OEM customers for both the "sadc" and "urestore" advisories.  These vendors
should be making them available to licensees of their SVR4.X-based operating
systems.  If you are using any of the versions mentioned above, you should
contact the appropriate vendor to obtain their official update.
Previous By Date Next
Previous By Thread Next

Current thread: