Patch-ID# 100251-01
Keywords: security, create, chmod, /usr/lib/expreserve, race, break, system
Synopsis: SunOS 4.1, 4.1.1: /usr/lib/expreserve race condition
Date: 25/March/91

SunOS release: 4.1, 4.1.1

Unbundled Product:

Unbundled Release:

Topic:

BugId's fixed with this patch: 1044909

Architectures for which this patch is available: sun3, sun3x, sun4, sun4c

Patches which may conflict with this patch:

Obsoleted by: SYS_V Rel 4

Problem Description:

A program has been shown that takes advantage of a race condition in
most versions of /usr/lib/expreserve. Expreserve creat(2)s a file as
root in either /usr/preserve or /usr/preserve/$USER and then chmod(2)s
the file. The Berkeley 4.3 version contains this bug, as do earlier
versions of expreserve. BSD could safely fchmod(2) the file, avoiding
the race, but DOES NOT.

INSTALL:

As root:

# mv /usr/lib/expreserve /usr/lib/expreserve.FCS
# chmod 600 /usr/lib/expreserve.FCS
  (this can later be removed after verifying the new version arrived undamaged)
# cp sun{3,3x,4,4c}/{4.1,4.1.1}/expreserve /usr/lib/expreserve
# chown root /usr/lib/expreserve
# chgrp staff /usr/lib/expreserve
# chmod 4755 /usr/lib/expreserve