Bugtraq mailing list archives
Re: pt_chmod
From: karl () bagpuss demon co uk (Karl Strickland)
Date: Sat, 3 Dec 1994 15:25:37 +0000 (GMT)
Carson Gaspar wrote:Does anyone know what the pt_chmod hole is? The same suid program exists in Solaris 2.x, and knowing Sun's track record...By my testing, exactly the same bug exists on Solaris 2.3/SPARC; however, it does not cause a security hole there. The security hole is caused by how the SCO execution environment treats NULL dereferences. The same bug probably exists in the pt_chmod source on most System V systems; whether it causes a security problem depends on how the OS treats NULL dereferences. Full disclosure has been sent to CERT for dissemination to other OS vendors. I am not in a position to publically disclose full details at
you might have cc'd it to 8lgm, to save us a few hours!!! :-)
this time; I also think that to do so would be rude to other OS vendors who have not had a chance to issue their own fixes. Your pt_chmod is safe if it coredumps when run as `pt_chmod < /etc/termcap`. If not, it might or might not be safe. Ask your OS vendor, "trace" or "truss".
talking of trace, is sco's trace broken? our copy at least, seems to miss out system calls. eg for pt_chmod, trace never shows chown(2) being called; but if you disassemble it or single step it with adb, you can see that it does actually get called.
I'm sorry that I can't say more.Bela<
Well done for getting those patches out so quickly. Cheers ------------------------------------------+----------------------------------- Mailed using ELM on FreeBSD | Karl Strickland PGP 2.3a Public Key Available. | Internet: karl () bagpuss demon co uk |
Current thread:
- Re: pt_chmod Bela Lubkin (Dec 02)
- Re: pt_chmod Karl Strickland (Dec 03)
- Re: pt_chmod Peter Wemm (Dec 03)
- Re: pt_chmod Peter Wemm (Dec 04)
- Re: pt_chmod Casper Dik (Dec 04)
- <Possible follow-ups>
- Re: pt_chmod Bela Lubkin (Dec 03)
- SCO (was Re: pt_chmod) Karl Strickland (Dec 04)
- Re: pt_chmod Bela Lubkin (Dec 04)
- Re: pt_chmod Peter Wemm (Dec 04)
- Re: pt_chmod Jeff Smith (Dec 04)