Bug#4190: Bug4190: serious security hole in libc (resolver)

To: 4190@bugs.debian.org
Subject: Bug#4190: Bug4190: serious security hole in libc (resolver)
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
Date: Thu, 29 Aug 1996 14:20:35 +0200 (MET DST)
Message-id: <[🔎] 199608291220.OAA07120@i17linuxb.ists.pwr.wroc.pl>
Reply-to: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>, 4190@bugs.debian.org

Hi,

is there any way to change the subject line of an already existing
bug report?  This hole is a really *serious* (not moderate) one -
it lets any local and remote users read any file on the system.

I think there are two possible ways to fix it:
(1) ignore the dangerous environment variables completely (is anyone
    actually using them?  I heard about them for the first time from
    the security alert...).  If anyone needs these features - create
    a separate full-featured resolver library people can use (for
    non-setuid programs only) by setting LD_PRELOAD.

(2) ignore them if (geteuid() != getuid() || getegid() != getgid()).
    Problem: you can pass them to login via telnetd, so telnetd
    needs to be fixed too.  Anyway, I think telnetd should do what
    the one in NetKit-0.08 does: allow only a few (known to be safe)
    environment variables, and don't allow the rest.  Right now, we
    check for a few variables known to be dangerous - and we can't
    be sure that there are no more.  The bash man page mentions
    BASH_ENV in one place, and it's not checked by telnetd.

Marek

Reply to:

Follow-Ups:
- Bug#4190: Bug4190: serious security hole in libc (resolver)
  - From: david@elo.ods.com (David Engel)

Prev by Date: Bug#4332: Vulnerability in the Xt library (fwd)
Next by Date: Re: dpkg-buildpackage and -source questions
Previous by thread: Bug#4332: Vulnerability in the Xt library (fwd)
Next by thread: Bug#4190: Bug4190: serious security hole in libc (resolver)
Index(es):
- Date
- Thread