Sun Security Advisory - If a local unprivileged user executes the gzip(1) command and specifies the -force or -f command line option, files which are hard linked to the target file(s) will have their permissions changed. This could allow other local unprivileged users the ability to read or modify files owned by the invoking user, or system files if gzip(1) is issued by a local privileged user.
f93306f2b1ee952a74a168404ecc378a434200e0ce91c50075aa6536e06cb3fb
<html>
<head>
<title>SunSolve Printer Friendly Page</title>
<LINK REL="Stylesheet" TYPE="text/css" TITLE="Sunstyle" HREF="/style.css">
</head>
<body>
<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td nowrap="" width="3%" valign="top"><b>Document ID:</b></td><td valign="top" align="left">57600</td></tr><tr><td nowrap="" width="3%" valign="top"><b>Title:</b></td><td valign="top" align="left">Document ID 57600</td></tr><tr><td nowrap="" width="3%" valign="top"><b>Synopsis:</b></td><td valign="top" align="left">The gzip(1) Command May Change the Permissions of Hard Linked Files on Solaris 8 Systems </td></tr><tr><td nowrap="" width="3%" valign="top"><b>Update Date:</b></td><td valign="top" align="left">2004-10-01</td></tr></table><hr><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr bgcolor="#999999"><td><font color="#ffffff" size="2"><b>Description</b></font></td><td align="right"><b><a href="#top"><font color="#ffffff" size="2">Top</font></a></b></td></tr></table><h2>
Sun(sm) Alert Notification
</h2><ul><li>
Sun Alert ID: 57600
</li><li>
Synopsis: The gzip(1) Command May Change the Permissions of Hard Linked Files on Solaris 8 Systems
</li><li>
Category: Security
</li><li>
Product: Solaris
</li><li>
BugIDs: 4793452
</li><li>
Avoidance: Workaround, Patch
</li><li>
State: Resolved
</li><li>
Date Released: 01-Oct-2004
</li><li>
Date Closed: 01-Oct-2004
</li><li>
Date Modified:
</li></ul><h2>
1. Impact
</h2>
If a local unprivileged user executes the gzip(1) command and specifies the "-force" or "-f" command line option, files which are hard linked to the target file(s) will have their permissions changed. This could allow other local unprivileged users the ability to read or modify files owned by the invoking user, or system files if gzip(1) is issued by a local privileged user.
<p></p><h2>
2. Contributing Factors
</h2>
This issue can occur in the following releases:
<p></p>
<b>SPARC Platform</b>
<p></p><ul><li>
Solaris 8 without patch <a href="/search/document.do?assetkey=1-21-112668-02-1">112668-02</a>
</li></ul>
<b>x86 Platform</b>
<p></p><ul><li>
Solaris 8 without patch <a href="/search/document.do?assetkey=1-21-112669-02-1">112669-02</a>
</li></ul>
<b>Notes:</b>
<p></p><ol><li>
Solaris 7 and Solaris 9 are not affected by this issue.
</li><li>
The described issue only occurs with versions of gzip(1) prior to 1.3.
</li></ol>
The version of gzip(1) on a system can be determined by running the following command:
<p></p><pre> $ <b>gzip --version</b> gzip 1.2.4 (18 Aug 93)
Compilation options:
DIRENT UTIME STDC_HEADERS HAVE_UNISTD_H </pre><h2>
3. Symptoms
</h2>
If the described issue occurs, files that are hard linked to the target file(s) will have their permissions changed to mode 0777 (-rwxrwxrwx).
<p></p><pre> $ <b>ln original-file hardlink</b>
$ <b>ls -l original-file hardlink</b>
-rw-r--r-- 2 user staff 293 Jun 24 18:33 hardlink
-rw-r--r-- 2 user staff 293 Jun 24 18:33 original-file
$ <b>gzip -f original-file</b>
$ <b>ls -l original-file* hardlink</b>
-rwxrwxrwx 1 user staff 293 Jun 24 18:33 hardlink
-rw-r--r-- 1 user staff 195 Jun 24 18:33 original-file.gz </pre>
<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr bgcolor="#999999"><td><font color="#ffffff" size="2"><b>Solution Summary</b></font></td><td align="right"><b><a href="#top"><font color="#ffffff" size="2">Top</font></a></b></td></tr></table><h2>
4. Relief/Workaround
</h2>
To work around the described issue, avoid using the "-f" or "-force" option with the gzip(1) command.
<p></p><h2>
5. Resolution
</h2>
This issue is addressed in the following releases:
<p></p>
<b>SPARC Platform</b>
<p></p><ul><li>
Solaris 8 with patch <a href="/search/document.do?assetkey=1-21-112668-02-1">112668-02</a> or later
</li></ul>
<b>x86 Platform</b>
<p></p><ul><li>
Solaris 8 with patch <a href="/search/document.do?assetkey=1-21-112669-02-1">112669-02</a> or later
</li></ul>
<i>This Sun Alert notification is being provided to you on an "AS IS" basis. This Sun Alert notification may contain information provided by third parties. The issues described in this Sun Alert notification may or may not impact your system(s). Sun makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun proprietary and confidential information. It is being provided to you pursuant to the provisions of your agreement to purchase services from Sun, or, if you do not have such an agreement, the Sun.com Terms of Use.
This Sun Alert notification may only be used for the purposes contemplated by these agreements.</i>
<p></p>
<i>Copyright 2000-2004 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved.</i>
<p></p>
<table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td width="25%" valign="top" bgcolor="#999999"><font size="2" color="#ffffff"><b>Applies To</b></font></td><td width="75%" valign="top" bgcolor="#cccccc"><font size="2">
</font></td></tr></table><p></p><table border="0" cellspacing="0" cellpadding="2" width="100%"><tr><td width="25%" valign="top" bgcolor="#999999"><font size="2" color="#ffffff"><b>Attachments</b></font></td><td width="75%" valign="top" bgcolor="#cccccc"><font size="2"> </font></td></tr></table><p></p>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed