Re: Security Problem !?!
>
> No, I was not running patch as root.
> I've done it a number of times now with the same result !
Well, if that is true, then eighter you've got a setuid
patch (likely, though it means whoever did it should be banned
from ever touching a keyboard again. If you did it, then tough),
or you've really found an enourmous bug in the kernel.
As you can see, when I run patch as non-root, the files created
are not owned by root, so it only happens on your machine.
> I have not changed anything with regard to patch....
> I'll test again today, but I'm sure I'll get the same
> results.
>
> Matthew
>
>
>
> On Sat, 18 Oct 1997, joost witteveen wrote:
>
> > >
> > > I'm not sure if this is suppose to happen, but it sure
> > > looks serious to me...
> > >
> > > While patching some source code I noticed that all the files
> > > that were patched were now group owned by root !?!
> > >
> > > The command I used was:
> > > patch -p1 < patch.diff
> > >
> > > I've done this a few times to check, and each time it changes.
> > > Is this suppose to happen ??
> >
> > No, you're not supposed to run patch as root. Patch
> > apparently creates a new file before starting to apply the changes
> > to that particular file, and the creation happens as the UID that
> > started patch. In your case, this, as you were root when you ran
> > patch, this UID was 0 (root).
> >
> > See transcript where you can see the original file hoi1 has inode
> > 412018, but after patching, the inode changed to 32923. Thus patch
> > has created that file anew:
> >
> >
> > rulcmc:~/rommel$ echo hoi > hoi1
> > rulcmc:~/rommel$ echo hoi1 > hoi2
> > rulcmc:~/rommel$ ls -ali hoi1 hoi2
> > 412018 -rw-r--r-- 1 joost users 4 Oct 18 12:07 hoi1
> > 412019 -rw-r--r-- 1 joost users 5 Oct 18 12:07 hoi2
> > rulcmc:~/rommel$ diff -u hoi1 hoi2|patch
> > patching file `hoi1'
> > rulcmc:~/rommel$ ls -ali hoi1 hoi2
> > 32923 -rw-r--r-- 1 joost users 5 Oct 18 12:07 hoi1
> > 412019 -rw-r--r-- 1 joost users 5 Oct 18 12:07 hoi2
> >
> > I think it's quite normal that patch creates files owned by
> > the user whos starts patch, and indeed, I wouldn't want patch
> > to mess around with the ownership of that file.
> >
> > PS: if you really were running patch as non-root, you've descovered
> > a very, very, very, very enourmously serious security bug.
> > But I'm sure you haven't
> > --
> > joost witteveen, joostje@debian.org
> > #!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
> > $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
> > lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
> > #what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
> >
>
--
joost witteveen, joostje@debian.org
#!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: