Patch advisory for Sun Microsystems. Please read for details.
5ce8bbca5b5f75a321785abff9a30f71d85fff372658e1d5ffa39442a7cbc8cb
SUN MICROSYSTEMS SECURITY BULLETIN: #00107
This information is only to be used for the purpose of alerting
customers to problems. Any other use or re-broadcast of this
information without the express written consent of Sun Microsystems
shall be prohibited.
Sun expressly disclaims all liability for any misuse of this information
by any third party.
---------------------------------------------------------------------------
Sun Bug ID : 1059621
Synopsis : security hole created by installing sunsrc
Sun Patch ID: Not applicable; see fix below.
This applies to sites that have installed Sun Source tapes only.
The Sun distribution of sources (sunsrc) has an installation
procedure which creates the directory /usr/release/bin and
installs two setuid root files in it: makeinstall and winstall.
These are both binary files which exec other programs: "make -k install"
(makeinstall) or "install" (winstall).
This makes it possible for users on that system to become root.
The solution:
chmod ug-s /usr/release/bin/makeinstall /usr/release/bin/winstall
(if the sources have already been installed)
and/or
edit the makefile in sunsrc/release and change the SETUID definition
(if the sources have been extracted from tape but not installed yet)
---------------------------------------------------------------------------
Special thanks to CERT and Tel-Aviv University for reporting this
problem.
Brad Powell
Sun Microsystems
Software Security Coordinator.
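
One way to apply the first fix in the bulletin above and confirm that it took effect, as an added example that is not part of Sun's bulletin. The function names has_sbits and fix_sunsrc_helpers are hypothetical; the directory and the two file names are the ones the bulletin gives.

```shell
#!/bin/sh
# Added example (not from the bulletin): audit the two sunsrc helpers for
# setuid/setgid bits, strip them with the bulletin's chmod, and re-check.

# has_sbits FILE: succeeds if FILE is a regular file with setuid or setgid set.
has_sbits() {
    [ -n "$(find "$1" -prune -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null)" ]
}

# fix_sunsrc_helpers [DIR]: DIR defaults to the bulletin's /usr/release/bin.
# Prints one status line per helper; returns 0 if neither helper is
# setuid/setgid afterwards, 1 if a bit could not be removed.
fix_sunsrc_helpers() {
    dir=${1:-/usr/release/bin}
    rc=0
    for name in makeinstall winstall; do
        f=$dir/$name
        if [ ! -e "$f" ]; then
            echo "absent   $f"            # sunsrc not installed here
        elif has_sbits "$f"; then
            ls -ld "$f"                   # record owner and mode before the change
            chmod ug-s "$f"
            if has_sbits "$f"; then
                echo "FAILED   $f"        # e.g. not run as root, read-only filesystem
                rc=1
            else
                echo "stripped $f"
            fi
        else
            echo "clean    $f"            # already fixed
        fi
    done
    return $rc
}
```

Call fix_sunsrc_helpers as root with no argument to act on /usr/release/bin; a second run should report both files as clean.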