[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]
>I installed the kernel patch (106541-15) on a Solaris 7 system. I have an
>application running on the server which uses the catopen/catgets calls to open a
>message catalog. The new kernel patch causes the catopen/catgets system calls to
>fail, which were working fine with the previous patch level 5. There was a CERT
>advisory transmitted around Aug 2000 which pointed out a bug in the Unix suid
>facility, all major Unix vendors were susceptible to it. SUN fixed it in Solaris
>8 and has been trying to patch the previous releases. I think the new kernel
>patch has some kind of fix for this bug which is breaking my app. The problem
>for our server is that now with the newest patch suid works for root only, all
>other applications which run under non-root user IDs can not run suid programs.
>Also, when I change ownership of a non root catalog to root the program runs
>fine as a non-root user ID.
>Anyone have any clues as to what's going on? I have been working with SUN
>support for several weeks but they have yet to give me a clear answer.
the NLSPATH problems.
Unfortunately, we cannot fix this properly and have everything still
work exactly as before.
Chowning the files to root helps some; installing them in system
directories also. Not requiring NLSPATH to be set also helps.
I'm not quite sure I understand what you mean by:
"other applications which run under non-root user IDs can not run suid program"
I think we changed it such that suid programs can only open root-owned
catalogues. I'd need to check.
I did the code and it's pretty fascist.
I'd need to know a bit more about what you're doing. That way
I can either explain to you why what you're doing is a possible
security hole or whether we're perhaps too strict.
Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.