SUN MICROSYSTEMS SECURITY BULLETIN: #00107 This information is only to be used for the purpose of alerting customers to problems. Any other use or re-broadcast of this information without the express written consent of Sun Microsystems shall be prohibited. Sun expressly disclaims all liability for any misuse of this information by any third party. --------------------------------------------------------------------------- Sun Bug ID : 1059621 Synopsis : security hole created by installing sunsrc Sun Patch ID: Not applicable see fix below. This applies to sites that have installed Sun Source tapes only. The Sun distribution of sources (sunsrc) has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files in it: makeinstall and winstall. These are both binary files which exec other programs: "make -k install" (makeinstall) or "install" (winstall). This makes it possible for users on that system to become root. The solution: chmod ug-s /usr/release/bin/{makeinstall, winstall} (if the sources have already been installed) and/or edit the makefile in sunsrc/release and change the SETUID definition (if the sources have been extracted from tape but not installed yet) --------------------------------------------------------------------------- Special thanks to CERT and Tel-Aviv University for reporting this problem. Brad Powell Sun Microsystems Software Security Coordinator.