Patch-ID# 101679-01
Keywords: security modload ld, 101200-01 ported to 4.1.3_U1
Synopsis: SunOS 4.1.3_U1: Breach of security using modload
Date: May/13/94
 
Solaris Release: 1.1.1

SunOS Release: 4.1.3_U1
 
Topic: kernel security can be breached by setuid programs using modload 
 
BugId's fixed with this patch: 1137491

Architectures for which this patch is available: sun4(all)

Patches which may conflict with this patch:

Obsoleted by: 

Problem Description: 

	There is a bug in the program /usr/etc/modload in sunos 4.1.3
	and 4.1.3_U1.

	This is brought to light by using the program
	/usr/openwin/bin/loadmodule.
	loadmodule is a suid root program - it calls modload as part of
	its operation.

	modload calls ld - but it doesn't call it using a full pathname
	so that if you have a program called ld earlier in your path
	when you call loadmodule you can have your ld program run with
	the effective UID of 0.

INSTALL: 

As root:

Make a backup copy of the files to be installed:

mv /usr/kvm/modload	/usr/kvm/modload.orig

Now install the patched file:

cp 	sun4/modload	/usr/kvm/modload
chmod	755		/usr/kvm/modload

