Bugtraq mailing list archives
Re: pt_chmod
From: belal () sco COM (Bela Lubkin)
Date: Fri, 2 Dec 1994 21:22:43 -0800
Carson Gaspar wrote:
Does anyone know what the pt_chmod hole is? The same suid program exists in Solaris 2.x, and knowing Sun's track record...
By my testing, exactly the same bug exists on Solaris 2.3/SPARC; however, it does not cause a security hole there. The security hole is caused by how the SCO execution environment treats NULL dereferences. The same bug probably exists in the pt_chmod source on most System V systems; whether it causes a security problem depends on how the OS treats NULL dereferences. Full disclosure has been sent to CERT for dissemination to other OS vendors. I am not in a position to publically disclose full details at this time; I also think that to do so would be rude to other OS vendors who have not had a chance to issue their own fixes. Your pt_chmod is safe if it coredumps when run as `pt_chmod < /etc/termcap`. If not, it might or might not be safe. Ask your OS vendor, "trace" or "truss". I'm sorry that I can't say more.
Bela<
Current thread:
- Re: pt_chmod Bela Lubkin (Dec 02)
- Re: pt_chmod Karl Strickland (Dec 03)
- Re: pt_chmod Peter Wemm (Dec 03)
- Re: pt_chmod Peter Wemm (Dec 04)
- Re: pt_chmod Casper Dik (Dec 04)
- <Possible follow-ups>
- Re: pt_chmod Bela Lubkin (Dec 03)
- SCO (was Re: pt_chmod) Karl Strickland (Dec 04)
- Re: pt_chmod Bela Lubkin (Dec 04)
- Re: pt_chmod Peter Wemm (Dec 04)
- Re: pt_chmod Jeff Smith (Dec 04)