X-RDate: Mon, 06 Apr 1998 10:08:17 +0600 (ESD)
Date: Thu, 2 Apr 1998 11:48:46 +0300
From: Nir Soffer <scorpios@CS.HUJI.AC.IL.>
To: [email protected]Subject: Re: BSD coredumps follow symlinks
On Tue, 31 Mar 1998, Denis Papp wrote:
> I have a system running BSD/OS 2.1 with all the patches from BSDi, including
> K210-029 which I quote:
> "This patch addresses a security problem with core dumps from setuid programs."
>
That's very wierd. Back when I found the same bug in BSDI 3.0 I tried the
same in BSDi 2.1 and it didn't work. Maybe we used a different patch, but
this is the transcript:
jupiter[ /tmp ] uname -a
BSD/OS jupiter.cs.huji.ac.il 2.1 BSDI BSD/OS 2.1 Kernel #4: Tue Oct 8
08:49:52 IST 1996 [email protected]:/sys/compile/CHAMSA i386
jupiter[ /tmp ] ls -la lpr.core
lrwxrwxrwt 1 root wheel 8 Apr 2 11:37 lpr.core@ -> /etc/BLA
jupiter[ /tmp ] lpr &
[1] 29989
jupiter[ /tmp ]
[1] + Suspended (tty input) lpr
jupiter[ /tmp ] kill -6 %1
jupiter[ /tmp ] fg
lpr
IOT trap
jupiter[ /tmp ] ls -la /etc/BLA
ls: /etc/BLA: No such file or directory
jupiter[ /tmp ]
jupiter[ /tmp ] ls -la `which lpr`
-rwsr-sr-x 1 root daemon 26533 Feb 19 1996 /usr/local/bin/lpr*
jupiter[ /tmp ]
lpr will dump core if there is no symlink there. Maybe you failed to
install the patch correctly?
Regards,
Nir.
--
Nir Soffer * [email protected] * http://www.cs.huji.ac.il/~scorpios
"I wouldn't recommend sex drugs or insanity for everyone but they've
always worked for me."
-- Hunter S. Thompson
Mail me with the subject 'get pgp key' for my PGP Public key.