Path: utzoo!attcan!uunet!husc6!mailrus!csd4.milw.wisc.edu!nic.MR.NET!hal!ncoast!allbery
From: dg@lakart.UUCP (David Goodenough)
Newsgroups: comp.sources.misc
Subject: v05i095: Secure patch1 -- official fix for the big hole
Message-ID: <8812201433.AA07627@lakart.UUCP>
Date: 29 Dec 88 01:49:14 GMT
Sender: allbery@ncoast.UUCP
Reply-To: dg@lakart.UUCP (David Goodenough)
Lines: 23
Approved: allbery@ncoast.UUCP

Posting-number: Volume 5, Issue 95
Submitted-by: "David Goodenough" <dg@lakart.UUCP>
Archive-name: secure.patch1

[This was received as part of a mail message containing discussion about
the "secure" program; it not being my habit to broadcast private mail, I've
trimmed the rest.  However, the "patch" below is NOT a diff and must be
applied by hand.  If you haven't already done it yourself.  ++bsa]

[P.S.  Another approach will be posted soon.  ++bsa]

OK - changing the following three lines:

<	strcpy(program, a[0]);
<	a[0] = "SEC-URE";
<	execv(program, a);	/* re exec ourselves so setuid bits work */

to

>	a[0] = "SEC-URE"
>	execv("/bin/secure", a);

and the problem goes away.