I originally asked:
> Can anyone think of why the patched versions [of the selection_svc]
> are statically linked?
[...]
> The only reason I could think of is that the security problem might
> have arisen from problems in the SunView libraries as well as the
> selection_svc code itself.
It turns out that this might indeed have been the reason. Dennis
Morse <dmorse@sun-valley.stanford.edu> forwarded a copy of the README
file from the 386i version of selection_svc patch from Sun that read
(in part):
] This directory contains a selection_svc patched to fix Bug# 1039576 &
] 1040606.
]
] This is a dynamically linked process, but with "libsuntool" linked in
] statically. Hence it increases the size of the "selection_svc"
] object from just over 4K to about 58K. It has been tested to work
] with 4.0.1, 4.0.2, and 4.0.3beta. It has not been tested, and will
] probably not work, with 4.0.0. I do not plan to provide a patch for
] 4.0.0.
]
] The changes to the process are:
] 1. The west-coast "sel_svc" changes in the suntool library, which
] disallow the selection service from being contacted from
] remote machines. This change necessitates the static linking
] of the libsuntool library, since I did not want to generate
] new 4.0.1, 4.0.2 and 4.0.3 shared libraries.
]
] 2. A change to selection_svc to cause it to run as "daemon",
] rather than "root", when started from the rc file. This
] prevents users with logins on a machine from getting root
] file-read permission on that machine.
]
]
So there you have it: libsuntool is the culprit, at least on 386i
machines. The patched versions are statically linked because Sun
didn't want to put out special patches for SunOS 4.0.1 or SunOS 4.0.0.
Note that Sun *did* put out separate patches for 4.0.3 and 4.1, for
both sun3 and sun4 architectures.
Thanks to all who replied.
Manavendra K. Thakur Internet: thakur@zerkalo.harvard.edu
System Manager, High Energy Division BITNET: thakur@cfa.BITNET
Harvard-Smithsonian Center for DECNET: CFA::thakur
Astrophysics UUCP: ...!uunet!mit-eddie!thakur