Patch-ID# 100631-01
Keywords: ENCRYPTION INTERNATIONAL security login domestic LD_ environment variables
Synopsis: SunOS 4.1 4.1.1 4.1.2 4.1.3: env variables can be used to exploit login
Date: May/18/1992

Solaris Release: null 1.0 1.0.1 1.1 1.1C

SunOS Release: 4.1 4.1.1 4.1.2 4.1.3 4.1.3C

Unbundled Product:

Unbundled Release:

Xref:

Topic: security, login is exploitable via LD_ environment variables

Relevant Architectures: sparc

BugId's fixed with this patch: 1085851

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch:

Patches which conflict with this patch:

Patches required with this patch:

Obsoleted by:

NOTE: sun3(all), sun4(all)
NOTE:4.1.3_U1

Files included with this patch: login

Problem Description:

A dynamically-linked program that is forked by a setuid program has
access to the caller's environment variables if the setuid program
sets the real UID equal to the effective UID and the real GID equal
to the effective GID before the dynamically-linked program is forked.

Note that this patch contains the domestic version of /bin/login that
users who are using the US Encryption Kit need to install. Patch
100630-01 contains the international version of /bin/login.
Domestic /bin/login users should also obtain Patch 100630-01 to obtain
patched versions of /usr/bin/su and /usr/5bin/su.

Patch Installation Instructions:
--------------------------------

Perform all commands as root. It is strongly recommended that the
install be performed in single user mode if user logins are possible
during the execution of these commands.

Make a copy of the old file:

    mv /bin/login /bin/login.FCS

Change permissions on old file so it can't be executed:

    chmod 0400 /bin/login.FCS

Install the patched files:

    cp `arch`/login /bin/login

Change the owner and file permissions of the new files:

    chown root.staff /bin/login
    chmod 4755 /bin/login

Special Install Instructions:
-----------------------------

None.

README -- Last modified date: Wednesday, December 6, 2000
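
The Problem Description above turns on a setuid program handing its caller's LD_ variables to a dynamically-linked child. The following C program is an added example, not part of the original README and not Sun's patch code: it shows one common mitigation, dropping every LD_* entry from the environment before the child is started. The names is_linker_var, scrub_env and sample_env are hypothetical, and the sample environment is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if the entry ("NAME=value") has a name starting with "LD_". */
int is_linker_var(const char *entry)
{
    return entry != NULL && strncmp(entry, "LD_", 3) == 0;
}

/* Build a new NULL-terminated environment holding every entry of envp
 * except the LD_* ones. Strings are shared with envp; only the pointer
 * array is allocated. Returns NULL if allocation fails, in which case
 * the caller must refuse to start the child (fail closed). */
char **scrub_env(char *const envp[], size_t *removed)
{
    size_t n = 0, kept = 0, dropped = 0, i;
    char **clean;

    while (envp[n] != NULL)
        n++;
    clean = malloc((n + 1) * sizeof *clean);
    if (clean == NULL)
        return NULL;
    for (i = 0; i < n; i++) {
        if (is_linker_var(envp[i]))
            dropped++;              /* never reaches the child */
        else
            clean[kept++] = envp[i];
    }
    clean[kept] = NULL;
    if (removed != NULL)
        *removed = dropped;
    return clean;
}

/* Constructed sample environment (assumption, not from the patch). */
static char *sample_env[] = {
    "HOME=/home/user", "LD_LIBRARY_PATH=/tmp/lib", "TERM=vt100",
    "LD_PRELOAD=/tmp/x.so", "OLD_LD_PATH=/usr/lib", NULL
};

int main(void)
{
    size_t removed = 0, i;
    char **env = scrub_env(sample_env, &removed);
    if (env == NULL)
        return 1;                   /* fail closed: do not exec */
    for (i = 0; env[i] != NULL; i++)
        puts(env[i]);
    printf("removed %lu LD_ entries\n", (unsigned long)removed);
    free(env);
    return 0;
}
```

A setuid program would pass the returned array as the envp argument of execve() rather than letting the child inherit environ.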