From owner-freebsd-hackers  Sat May 18 20:24:49 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id UAA03613
          for hackers-outgoing; Sat, 18 May 1996 20:24:49 -0700 (PDT)
Received: from nol.net (root@dazed.nol.net [206.126.32.101])
          by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id UAA03608
          for <freebsd-hackers@FreeBSD.org>; Sat, 18 May 1996 20:24:45 -0700 (PDT)
Received: from dazed.nol.net (blh@dazed.nol.net [206.126.32.101]) by nol.net (8.7.5/8.7.3) with SMTP id WAA22203; Sat, 18 May 1996 22:24:06 -0500 (CDT)
X-AUTH: NOLNET SENDMAIL AUTH
Date: Sat, 18 May 1996 22:24:04 -0500 (CDT)
From: "Brett L. Hawn" <blh@nol.net>
To: Andre Grosse Bley <gandalf@infinity.ping.de>
cc: Dan Polivy <danp@library.pride.net>, freebsd-hackers@FreeBSD.org
Subject: Re: SECURITY BUG in FreeBSD (fwd) 
In-Reply-To: <199605181951.VAA00672@infinity.ping.de>
Message-ID: <Pine.SOL.3.93.960518222323.21514D-100000@dazed.nol.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Sat, 18 May 1996, Andre Grosse Bley wrote:

Just as a thought... wouldn't it be smarter in the long run to rewrite rm to
not check for euid.

Brett



> I think this one is easy to fix:
> 
> edit /usr/src/lib/libc/gen/getvfsent.c
> 
> In vfsload() you'll see following code:
> 
>         status = execlp("modload", "modload", "-e", name_mod, "-o", 
> name_mod,
>                         "-u", "-q", path, (const char *)0);
>         
> I replaced it by:
> 	status = execlp("/sbin/modload", "/sbin/modload", "-e", name_mod, 
> "-o", 
> name_mod,
>                         "-u", "-q", path, (const char *)0);
> 
> rebuilt libc (and INSTALLED!) after that. And don't forget to rebuild 
> /sbin/mount_union (and mount_msdos, both are setuid)
> 
> This fixes the bug for me, i hope i didn't made any mistakes. Anyone 
> could tell me if that's ok?
> 
> BTW: Easier is to remove setuid bit from mount_union (and msdos, both 
> are setuid!)
> 
> -- 
> Regards, Andre
>