Re: SECURITY: redhat, the saga continues..

[jbourne () HARDROCK ORG (Jim Bourne)]

On Thu, 2 Jul 1998, twiztah wrote:

> Security problems have been found in dosemu and libtermcap. These security
> problems allow users on your local system to gain root access, and should
> be fixed as soon as possible.

Under redhat 4.2 running both libc-5.3.12 and libc-5.4.44 the
termcap-2.0.8-setuid.patch I believe was incorrect and will cause any
program using libtermcap to fail if the user is not root.

I corrected the patch to work on our systems, if this is incorrect please,
correct me :)

Regards,
Jim

--- termcap-2.0.8/termcap.c~    Tue Apr 16 04:23:23 1996
+++ termcap-2.0.8/termcap.c     Thu Jul  2 23:26:54 1998
@@ -366,8 +366,18 @@
   printf("Using file %s\n", tc_file);
 #endif

+  if(setfsuid(getuid()) != getuid())
+       return NULL;
+  if(setfsgid(getgid()) != getgid())
+       return NULL;
   /* Now read the termcap file. */
-  if ((fp = fopen(tc_file, "r")) == NULL) return(NULL);
+  fp = fopen(tc_file, "r");
+
+  setfsuid(geteuid());
+  setfsgid(getegid());
+
+  if(fp==NULL)
+         return(NULL);

   while(term) {
        if (++loop > 16) {


--
James Bourne                    | Email:          jbourne () hardrock org
No. 2 Harbourview Ventures Ltd. | WWW:        http://www.hardrock.org/
Everything Unix                 | Linux-The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration