Security bug in batch system
Sean Casey
sean at ukma.UUCP
Sun Jun 23 09:38:44 AEST 1985
There is a major security bug in the batch system posted by Len Lalonde
in <14907 at watmath.UUCP>. Batch.c runs setuid root, but does not check any
files given to it as arguments for access permissions. Thus it becomes
possible to read any file on the system by specifying it as the shell file
argument to batch.
The patch to fix this bug follows:
*** batch.c.orig Tue Jun 18 12:29:18 1985
--- batch.c Tue Jun 18 21:33:25 1985
***************
*** 156,161
if(argv[i][0] == '-')
continue;
if((input = fopen(argv[i], "r")) == NULL) {
perror(argv[i]);
cleanup();
--- 164,171 -----
if(argv[i][0] == '-')
continue;
+ if(access(argv[i],R_OK) != 0)
+ setuid(getuid());
if((input = fopen(argv[i], "r")) == NULL) {
perror(argv[i]);
cleanup();
More information about the Comp.sources.bugs
mailing list