Patch-ID# 106120-01
Keywords: security ex vi expreserve 
Synopsis: SunOS 4.1.4: expreserve security problem 
Date: Mar/03/98
 
Solaris Release: 1.1.2

SunOS release: 4.1.4

Unbundled Product:

Unbundled Release:

Relevant Architectures: sparc
    NOTE: sun4(all)
 
BugId's fixed with this patch: 1044909 1083183 1263969

Changes incorporated in this version:

Patches accumulated and obsoleted by this patch:

Patches which may conflict with this patch: 

Patches required with this patch:

Obsoleted by:

Files included with this patch: expreserve

Problem Description: 

1044909 race condition when file is created owned by root.
1083183 expreserve can be used to overwite any file.
1263969 expreserve fix for bug 1083183 not bundled into Solaris 1.1.2

Patch Installation Instructions:

1) As root, make a copy of the original expreserve file:
   mv /usr/lib/expreserve /usr/lib/expreserve.FCS
   chmod 600 /usr/lib/expreserve.FCS

2) Copy the new file from the patch directory:
   cp expreserve /usr/lib
   chown root.staff /usr/lib/expreserve
   chmod 4755 /usr/lib/expreserve
