Patch-ID# 100631-01
Keywords: security, login domestic, LD_ environment variables
Synopsis: SunOS 4.x: environment variables can be used to exploit login
Date: 18/May/92

SunOS release: SunOS 4.1;4.1.1;4.1.2

Unbundled Product: 

Unbundled Release: 

Topic: security, login is exploitable via LD_ environment variables

BugId's fixed with this patch: 1085851

Architectures for which this patch is available: sun3, sun4

Patches which may conflict with this patch: 

Obsoleted by: 

Files included with this patch: login

Problem Description: a dynamically-linked program that is forked by
a setuid program has access to the callers environmental variables if
the setuid program sets the real UID equal to the effective UID and
the real GID equal to the effective GID before the dynamically-linked
program is forked.

Note that this patch contains the domestic version of /bin/login 
that users who are using the US Encryption Kit need to install. 
Patch 100630-01 contains the international version of /bin/login.  Domestic
/bin/login users should also obtain Patch 100630-01 to obtain patched
versions of /usr/bin/su and /usr/5bin/su.

Install Instructions: 

Perform all commands as root.  It is strongly recommended that the install
be performed in single user mode if user logins are possible during the
execution of these commands.

Make a copy of the old file:
mv /bin/login /bin/login.FCS

Change permissions on old file so it can't be executed:
chmod 0400 /bin/login.FCS

Install the patched files:
cp `arch`/login /bin/login

Change the owner and file permissions of the new files:
chown root.staff /bin/login
chmod 4755 /bin/login

