Patch-ID# 101080-01 Keywords: CTE5592, ex, security, vi, expreserve Synopsis: SunOS 4.1.1 4.1.2 4.1.3: security problem with expreserve Date: Jun/09/93 SunOS release: 4.1.1 4.1.2 4.1.3, 4.1.3C Unbundled Product: Unbundled Release: Topic: BugId's fixed with this patch: 1044909, 1083183 Changes incorporated in this version: Relevant Architecture: sparc NOTE: sun3(all), sun4(all) Patches which may conflict with this patch: Obsoleted by: NOTE: This patch obsoletes patch 100251-01. Files included with this patch: expreserve Problem Description: 1044909 race condition when file is created owned by root. 1083183 expreserve can be used to overwite any file. INSTALL: Login as root. mv /usr/lib/expreserve /usr/lib/expreserve.FCS chmod 600 /usr/lib/expreserve.FCS cp `arch`/expreserve /usr/lib/expreserve chown root.staff /usr/lib/expreserve chmod 4755 /usr/lib/expreserve