Bugtraq mailing list archives
Re: another /usr/dt/bin/dtappgather feature!
From: iglesias () DRACO ACS UCI EDU (Mike Iglesias)
Date: Thu, 5 Nov 1998 09:26:19 -0800
For those of you using Digital Unix, here's what I've found so far about the dtappgather bug...

The patch in 4.0D patch kit 2 fixes the part of the bug that changes the ownership of any file to the user running dtappgather, but it does *NOT* fix the part that changes the protection on the file. For example, when I tried it using /etc/passwd as the target, the owner stayed the same but the protection changed from 644 to 555. This is still a problem, in that you can get read access to any file on the system.

I checked patch kit 8 for 4.0B, and it behaves the same as the patched 4.0D dtappgather.

I still suggest turning off the suid bit on dtappgather until we get a fix from Digital. I have reported this to Digital.

Mike Iglesias
University of California, Irvine
Office of Academic Computing
Internet: iglesias () draco acs uci edu
phone: 949-824-6926
FAX: 949-824-2069
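
The following shell functions are an added example, not part of the original post. `strip_suid` clears the setuid bit as the message suggests, and `check_mode` flags the 644 to 555 permission change it describes, which an ownership check alone would miss. The function names and the `stat` fallback are assumptions; the dtappgather path and the 644 baseline come from the message.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not vendor tooling.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file's mode matches the recorded baseline, 1 if it drifted.
# Ownership is deliberately not checked: with the partial patch the owner
# stays the same and only the mode changes.
check_mode() {
    path=$1
    expected=$2
    actual=$(mode_of "$path") || { echo "cannot stat $path" >&2; return 2; }
    if [ "$actual" != "$expected" ]; then
        echo "DRIFT $path: expected $expected, found $actual"
        return 1
    fi
    echo "OK    $path: $actual"
}

# Clear the setuid bit if present, then confirm it is really gone.
strip_suid() {
    path=$1
    if [ ! -u "$path" ]; then
        echo "no setuid bit on $path"
        return 0
    fi
    chmod u-s "$path" || return 2
    if [ -u "$path" ]; then
        echo "setuid bit still set on $path" >&2
        return 1
    fi
    echo "setuid bit removed from $path"
}

# Run as root with the binary as the argument, for example:
#   sh audit.sh /usr/dt/bin/dtappgather
if [ "$#" -ge 1 ]; then
    strip_suid "$1"
    check_mode /etc/passwd 644   # baseline mode taken from the message
fi
```

Re-running `check_mode` from cron against a list of sensitive files gives early notice if the mode change recurs before a full fix is installed.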