minor rdist bug

Jay Lepreau lepreau at utah-cs.UUCP
Thu Oct 30 13:08:30 AEST 1986


There is a minor security problem with the recommended fix to allow
rdist to propagate sticky bits: normally only root is allowed to set the
sticky bit. But with the proposed fix, if a user has a machine on which
he has root privileges, and then rdist's (as himself) a file to a
machine on which he does not have root privs, he can introduce binaries
with the sticky bit set.  No big deal, but here's a better way to fix
rdist/server.c:

1038c1038,1039
< 	    (mode & 06000) && chmod(file, mode) < 0) {
---
> 	    (mode & (06000 | (userid ? 0 : S_ISVTX))) &&
> 	    chmod(file, mode) < 0) {
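Review bot: the `userid` test on the first `>` line only decides whether `chmod` is called at all; the call on the second `>` line still passes the unmasked `mode`. For a non-root user whose file also carries a set-uid or set-gid bit (`mode & 06000` non-zero), the sticky bit is therefore still handed to `chmod(file, mode)`, and whether it takes effect is left to the kernel. If the intent is that only root propagates the sticky bit, clear it explicitly for non-root, for example by passing `userid ? (mode & ~S_ISVTX) : mode`. A smaller style point: the mask mixes the octal literal `06000` with the symbolic `S_ISVTX`; `S_ISUID | S_ISGID` would read consistently, and `S_ISVTX` needs `<sys/stat.h>` in scope if server.c does not already include it.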


