Patch-ID# 101200-03 Keywords: security modload ld Synopsis: SunOS 4.1.3: Breach of security using modload Date: Sep/27/94 Solaris Release: 1.1 SunOS release: 4.1.3, 4.1.3C Unbundled Product: Unbundled Release: Topic: kernel security can be breached by setuid programs using modload BugId's fixed with this patch: 1137491 1168752 Changes incorporated in this version: 1168752 Architectures for which this patch is available: sparc Patches which may conflict with this patch: Obsoleted by: Problem Description: BUG ID 1168752: modload from patch 101200 does not work on all platforms. BUG ID 1137491: There seems to a bug in the program /usr/etc/modload in sunos 4.1.3 This is brought to light by using the program /usr/openwin/bin/loadmodule. loadmodule is a suid root program - it calls modload as part of its operation. INSTALL: As root: Make a backup copy of the files to be installed: mv /usr/kvm/modload /usr/kvm/modload.orig Now install the patched files: cp `arch -k`/modload /usr/kvm/modload chmod 755 /usr/kvm/modload