Patch-ID# 101440-01
Keywords: security, login, su
Synopsis: SunOS 4.1.3_U1: security problem: methods to exploit login/su
Date: Dec/20/93

Solaris Release: 1.1.1A
SunOS Release: 4.1.3_U1A
Unbundled Product:
Unbundled Release:
Topic: SECURITY ISSUE: /usr/5bin/su sets a path that begins with ".".
BugId's fixed with this patch: 1121935
Relevant Architecture: sparc
NOTE: sun4(all)
Patches which may conflict with this patch:
Obsoleted by:
Files included with this patch: su

Problem Description:

1121935 /usr/5bin/su assigns a path of .:/bin:/usr/bin:/usr/ucb:/etc:/usr/etc
which starts with ".". The system is then vulnerable to trojan horse programs:
any command name typed in the su shell is looked up in the current directory
before the system directories, so a writable directory can shadow system
commands with attacker-supplied programs that run as root.

Install Instructions:

Perform all commands as root.

It is strongly recommended that the install be performed in single user mode
if user logins are possible during the execution of these commands.

Make a copy of the old files:

        mv /usr/5bin/su /usr/5bin/su.FCS

Change permissions on old files so they can't be executed:

        chmod 0400 /usr/5bin/su.FCS

Install the patched files:

        cp su /usr/5bin/su

Change the owner and file permissions of the new files:

        chown root.staff /usr/5bin/su
        chmod 4755 /usr/5bin/su
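The following is an added example, not part of Sun's patch README or of the patched su binary. It shows, in POSIX sh, why the PATH described in bug 1121935 is dangerous and gives a check you can run on any PATH value (for instance the one printed by `echo $PATH` in a shell started by /usr/5bin/su after the patch is installed). The function names `path_unsafe_entries` and `trojan_demo` and the scratch directory with a planted `ls` are constructed for this example; `UNPATCHED_SU_PATH` is the value quoted in the Problem Description above.

```shell
#!/bin/sh
# Added example, not part of Sun's patch README: a check for unsafe PATH
# entries and a demonstration of the trojan-horse risk that bug 1121935
# describes. UNPATCHED_SU_PATH is the value quoted in the Problem Description.

UNPATCHED_SU_PATH='.:/bin:/usr/bin:/usr/ucb:/etc:/usr/etc'

# path_unsafe_entries PATH_STRING
# Prints every PATH component that is resolved relative to the current
# directory: ".", an empty component ("::", leading or trailing ":"), or
# any other component not beginning with "/". Returns 0 if at least one
# such component was found, 1 if the PATH is clean.
path_unsafe_entries() {
    _rest="$1:"      # trailing ":" so the loop also sees the last component
    _status=1
    while [ -n "$_rest" ]; do
        _comp="${_rest%%:*}"
        _rest="${_rest#*:}"
        case "$_comp" in
            "")  echo "(empty component: current directory)"; _status=0 ;;
            /*)  ;;                                  # absolute path: fine
            *)   echo "$_comp"; _status=0 ;;
        esac
    done
    return $_status
}

# trojan_demo PATH_STRING
# Plants an executable named "ls" in a scratch directory (constructed for
# this example), changes into it and runs "ls" with the given PATH. Prints
# TROJAN if the planted file ran, REAL if the system ls ran. This is what
# an attacker relies on when a privileged user runs the unpatched su from
# a directory the attacker can write to.
trojan_demo() {
    _dir=$(mktemp -d) || return 2
    printf '#!/bin/sh\necho TROJAN\n' > "$_dir/ls"
    chmod 755 "$_dir/ls"
    _out=$(cd "$_dir" && export PATH="$1" && ls "$_dir" 2>/dev/null)
    rm -rf "$_dir"
    if [ "$_out" = TROJAN ]; then echo TROJAN; else echo REAL; fi
}

echo "Unsafe entries in the unpatched /usr/5bin/su PATH:"
path_unsafe_entries "$UNPATCHED_SU_PATH"
```

After installing the patch, start a shell through /usr/5bin/su, run `echo $PATH`, and feed the result to `path_unsafe_entries`; it should print nothing and return 1. The same check is worth applying to root's own shell startup files, since a "." or an empty component placed anywhere in PATH (not only first) still lets a directory the attacker controls shadow any command that is not found in an earlier directory.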