
b-27.ciac-sunsrc-setuid-installation-prob

Posted Sep 23, 1999


SHA-256 | dd28c1017ae9a963fbbdd7d9cc8156670a424bc72e52fca050ab558766441a8a

_____________________________________________________
      The Computer Incident Advisory Capability
             ___  __ __    _     ___
            /       |     / \   /
            \___  __|__  /___\  \___
_____________________________________________________
                Information Bulletin

May 16, 1991, 1500 PST Number B-27

sunsrc setuid Installation Problem
_________________________________________________________________________
PROBLEM:   Setuid security problem resulting from installing sunsrc
PLATFORM:  SunOS systems in which Sun Source tapes have been installed
DAMAGE:    May allow unauthorized root access
SOLUTIONS: Modify permissions for /usr/release/bin/ and/or edit the
           makefile in sunsrc/release and change SETUID definition
_________________________________________________________________________
Critical Facts about sunsrc setuid Installation Problem

Sun Microsystems has recently released a security bulletin (#00107)
describing a problem resulting from installing sunsrc (distribution of
sources). It is important to note that this problem affects only SunOS
systems that have installed Sun Source tapes. A directory,
/usr/release/bin, is created when sunsrc is installed. Two binary
files, makeinstall and winstall, are then installed in this directory.
Both of these files are setuid root. Because these files exec other
programs ("make -k install" in the case of makeinstall, and "install"
in the case of winstall), an unauthorized user may become root. The
Sun Bug ID is 1059621.

To fix this problem, Sun Microsystems recommends that you follow
both of the following procedures as root:

1. If the sources have already been installed, use the command:

chmod ug-s /usr/release/bin/{makeinstall,winstall}

to reset setuid bits in makeinstall and winstall.

2. Remove the makeinstall and winstall entries from the SETUID
definition in sunsrc/release/makefile. This will ensure that new
setuid programs called makeinstall and winstall will not be
re-installed inadvertently the next time root does a make(1). The
line in the makefile should be changed from

SETUID=makeinstall unmount winstall .mountit

to

SETUID=unmount .mountit
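
Both steps can be applied and then verified with a short script. The following is an added example, not part of the CIAC or Sun bulletin: the function names are hypothetical, and the sandbox at the end is a constructed stand-in for /usr/release/bin and sunsrc/release/makefile.

```shell
#!/bin/sh
# Added example: audit and apply both bulletin steps. Directories and files
# are passed as arguments so it can be tried on a constructed sandbox first.

BINS="makeinstall winstall"   # the two programs named in the bulletin

# Report any of the two binaries in directory $1 that still have the setuid
# or setgid bit set. Returns 0 when neither does, 1 otherwise.
audit_bins() {
    found=0
    for name in $BINS; do
        if [ -u "$1/$name" ] || [ -g "$1/$name" ]; then
            echo "setuid/setgid still set: $1/$name"
            found=1
        fi
    done
    return "$found"
}

# Step 1: chmod ug-s on each file by name, so the result does not depend on
# the shell performing brace expansion (the Bourne shell does not).
clear_bits() {
    for name in $BINS; do
        if [ -f "$1/$name" ]; then chmod ug-s "$1/$name"; fi
    done
}

# Step 2: print makefile $1 with makeinstall and winstall removed from the
# SETUID definition; every other line passes through unchanged.
fix_setuid_line() {
    awk '/^SETUID[ \t]*=/ {
        sub(/^SETUID[ \t]*=[ \t]*/, ""); n = split($0, w, /[ \t]+/)
        out = "SETUID="; sep = ""
        for (i = 1; i <= n; i++)
            if (w[i] != "" && w[i] != "makeinstall" && w[i] != "winstall") {
                out = out sep w[i]; sep = " "
            }
        print out; next
    } { print }' "$1"
}

# Constructed sandbox (not a real SunOS tree) to show the before/after state.
demo=$(mktemp -d) && mkdir "$demo/bin"
: > "$demo/bin/makeinstall"; : > "$demo/bin/winstall"
chmod 4755 "$demo/bin/makeinstall" "$demo/bin/winstall"
printf 'SETUID=makeinstall unmount winstall .mountit\n' > "$demo/makefile"
audit_bins "$demo/bin" || clear_bits "$demo/bin"
audit_bins "$demo/bin" && echo "binaries clean"
fix_setuid_line "$demo/makefile"    # prints: SETUID=unmount .mountit
rm -rf "$demo"
```

On a real system, review the output of fix_setuid_line against the original makefile before replacing it, and rerun audit_bins after any later make(1) in sunsrc/release.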

For additional information or assistance, please contact CIAC:

Eugene Schultz
(415) 422-7781 or (FTS) 532-7781
gschultz@cheetah.llnl.gov

Call CIAC at (415) 422-8193 or (FTS) 532-8193 or send e-mail
to ciac@cheetah.llnl.gov.

Send FAX messages to: (415) 423-0913 or (FTS) 543-0913.

Sun Microsystems provided some of the information used in this
bulletin. This document was prepared as an account of work sponsored
by an agency of the United States Government. Neither the United States
Government nor the University of California nor any of their employees,
makes any warranty, express or implied, or assumes any legal liability
or responsibility for the accuracy, completeness, or usefulness of any
information, apparatus, product, or process disclosed, or represents
that its use would not infringe privately owned rights. Reference
herein to any specific commercial products, process, or service by
trade name, trademark, manufacturer, or otherwise, does not necessarily
constitute or imply its endorsement, recommendation or favoring by the
United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or
reflect those of the United States Government or the University of
California, and shall not be used for advertising or product
endorsement purposes.

