v05i095: Secure patch1 -- official fix for the big hole
David Goodenough
dg at lakart.UUCP
Thu Dec 29 11:49:14 AEST 1988
Posting-number: Volume 5, Issue 95
Submitted-by: "David Goodenough" <dg at lakart.UUCP>
Archive-name: secure.patch1
[This was received as part of a mail message containing discussion about
the "secure" program; it not being my habit to broadcast private mail, I've
trimmed the rest. However, the "patch" below is NOT a diff and must be
applied by hand. If you haven't already done it yourself. ++bsa]
[P.S. Another approach will be posted soon. ++bsa]
OK - changing the following three lines:
< strcpy(program, a[0]);
< a[0] = "SEC-URE";
< execv(program, a); /* re exec ourselves so setuid bits work */
to
> a[0] = "SEC-URE"
> execv("/bin/secure", a);
and the problem goes away.
More information about the Comp.sources.misc
mailing list