Date: Thu, 28 Mar 2024 16:10:52 -0400 (EDT) Message-ID: <443144777.509.1711656652082@windcrest.sei.cmu.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_508_2071078035.1711656652080" ------=_Part_508_2071078035.1711656652080 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
A complete revision history is at the end of this file.
The default permissions on a number of files and directories in SunOS 4.= 1, 4.1.1, 4.1.2, and 4.1.3 are set incorrectly. These problems are relevant= for the sun3, sun3x, sun4, sun4c, and sun4m architectures. They have been = fixed in SunOS 5.0. (Note that SunOS 5.0 is the operating system included i= n the Solaris 2.0 software distribution.)
An updated patch to reset these permissions is available from Sun. CERT = has seen an increasing number of attackers exploit these problems on system= s and we encourage sites to consider installing this patch.
File permissions on numerous files were set incorrectly in the distribut= ion tape of 4.1.x. A typical example is that a file which should have been = owned by "root" was set to be owned by "bin".
Not all sites will need or want to install the patch for this problem. T= he decision of what user id should own most system files and directories de= pends on the administrative practices of the site. It is quite reasonable t= o run a system where the majority of files are owned by "bin" as long as th= e entire system is run in a manner consistent with that practice. As distri= buted, the SunOS configuration expects most system files to be owned by "ro= ot". The fact that some are not creates security problems.
Therefore, sites that are running the SunOS versions listed above as dis= tributed should install the patch described below. Sites that have made an = informed choice to configure their system differently may instead want to r= eview the patch script and consider which, if any, of the changes should be= made on their system.
Depending on the specific configuration of the local site, the default p= ermissions may allow local users to gain "root" access.
Patch ID Filename = Checksum 100103-11 100103-11.tar.Z 19847 6
Please note that Sun Microsystems sometimes updates patch files. I= f you find that the checksum is different please contact Sun Microsystems o= r CERT for verification.
Uncompress the file, extract the contents of the tar archive, and re= view the README file.
% uncompress 100103-11.tar.Z % tar xfv 100103-11.tar % cat README
This patch will reset the group ownership of certain files to either= "staff" or "bin". Make sure you have entries in the "/etc/group" file for = these accounts.
% grep '^staff:' /etc/group % grep '^bin:' /etc/group
If you do not have both of these you will need to either add the m= issing account(s) or modify the patch script (4.1secure.sh) to reflect grou= p ownerships appropriate for your site. (Note that the security problems ar= e fixed by the ownerships and mode bits specified in the patch - not by the= group ownerships. Therefore, changing the group ownerships does not invali= date the patch.)
As "root", run the patch script.
# sh 4.1secure.= sh
This patch fixes Sun BugId's 1046817, 1047044, 1048142, 1054480, 1= 037153, 1039292, and 1042662.
The patch script will set "/usr/kvm/crash" to mode 02700 owned by "r=
oot". While this is not insecure, since only "root" can run the program, CE=
RT recommends that the setgid bit be removed to prevent abuse if world exec=
ute permission were to be added some time later.
As "root", make "/usr/kvm/crash" not a set-group-id program.
Copyright 1993 Carnegie Mellon University.
September 19,1997 Attached Copyright Statement