The 'Security Digest' Archives (TM)

ARCHIVE: Core 'Security Digest' - Archives (1990 - 1991)
DOCUMENT: Core 'Security Digest' V1 #17 1991-05-16 (1 file, 1281 bytes)
SOURCE: http://securitydigest.org/exec/display?f=core/archive/117.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.

START OF DOCUMENT


Date: Thu May 16 12:08:36 PDT 1991
Subject: Core Security Digest V1 #17

Core Security Digest Volume 1 Issue 17

subject(s):

            Sun Security Bulletin early notice

The unix core security mailing list is by invitation only and contains
sensitive material which SHOULD NOT BE REVEALED to non-members.
DO NOT PUT ANY LIST CONTENTS IN LOCATIONS ACCESSIBLE TO NON-MEMBERS.
If you must keep copies on-line, please encrypt them at the very least.

PLEASE POST TO:                              core@uninet.cpd.com
PLEASE SEND EMERGENCY ALERTS TO:   core-emergency@uninet.cpd.com
PLEASE SEND REQUESTS TO:             core-request@uninet.cpd.com


------------------------------------------------------------------------

Date: Thu, 16 May 91 10:58:25 PDT
From: Brad.Powell@Corp.Sun.COM (Brad Powell)
Subject: Sun Security Bulletin early notice

A Sun Security Bulletin will be going out shortly with the following
information. This is the early announcement to Sun internal, CERT and
CIAC. CERT and CIAC will have the right to repost if they feel it is
warranted.

---------------------------------------------------------------------------

SUN MICROSYSTEMS SECURITY BULLETIN:
#00107

 This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.

Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------


Sun Bug ID  : 1059621
Synopsis    : security hole created by installing sunsrc
Sun Patch ID: Not applicable; see fix below.

This applies to sites that have installed Sun Source tapes only.

The Sun distribution of sources (sunsrc) has an installation
procedure which creates the directory /usr/release/bin and
installs two setuid root files in it: makeinstall and winstall.
These are both binary files which exec other programs: "make -k install"
(makeinstall) or "install" (winstall).

This makes it possible for users on that system to become root.

The solution:
        chmod ug-s /usr/release/bin/{makeinstall,winstall}
        (if the sources have already been installed)
and/or
        edit the makefile in sunsrc/release and change the SETUID definition
        (if the sources have been extracted from tape but not installed yet)

---------------------------------------------------------------------------
Special thanks to CERT and Tel-Aviv University for reporting this
problem.

Brad Powell
Sun Microsystems
Software Security Coordinator.

------------------------------------------------------------------------
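
A check for the fix described in the bulletin, added here as an example; it is not part of the bulletin or of Sun's tooling. It lists files that still carry setuid or setgid bits under /usr/release/bin and, with --fix, clears them on makeinstall and winstall. The function names, the RELEASE_BIN variable and the constructed sample directory are assumptions made for illustration, and a POSIX sh with find and mktemp is assumed.

```shell
#!/bin/sh
# Added example: audit the directory named in the bulletin for set-id files.

# List regular files under $1 that carry the setuid or setgid bit.
list_setid() {
    [ -d "$1" ] || return 0            # nothing installed, nothing to list
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Number of set-id files under $1.
count_setid() {
    list_setid "$1" | wc -l | tr -d ' '
}

# Apply the bulletin's fix (chmod ug-s) to the two named files only.
clear_setid() {
    for name in makeinstall winstall; do
        if [ -f "$1/$name" ]; then
            chmod ug-s "$1/$name"
        fi
    done
}

# Constructed sample: a temp directory that mimics the post-install state
# (two setuid files plus one ordinary file). Prints the directory path.
make_sample() {
    d=$(mktemp -d) || return 1
    for name in makeinstall winstall; do
        : > "$d/$name"
        chmod 4755 "$d/$name"
    done
    : > "$d/README"
    chmod 644 "$d/README"
    printf '%s\n' "$d"
}

# Report on RELEASE_BIN (default: the path from the bulletin).
audit_main() {
    dir="${RELEASE_BIN:-/usr/release/bin}"
    if [ "${1:-}" = "--fix" ]; then
        clear_setid "$dir"
    fi
    list_setid "$dir"
    echo "$(count_setid "$dir") set-id file(s) under $dir"
}

audit_main "$@"
```

Run without arguments to report only; a count of 0 after --fix confirms the bits are gone.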

        End of Core Security Digest Volume 1 Issue 17
        **********************

END OF DOCUMENT