CA-94:06.README
Last Revised: April 1, 1994

This file is a supplement to the CERT Advisory CA-94:06.utmp.vulnerability of
March 21, 1994 and will be updated as additional information becomes available.


Corrections:

1) SunOS 4.1.3_U1 (Solaris 1.1.1) is _not_ vulnerable to this problem.


Clarifications:

1) If you make /etc/utmp writable only by root, this should only affect
   programs that allocate pseudo terminal interfaces and want to add
   an appropriate entry to the /etc/utmp file.  Such programs include
   script(1), cmdtool(1), gfxtool(1), shelltool(1), and tektool(1).
   These programs will no longer be able to add an entry to /etc/utmp
   which means that programs such as who(1), syslogd(1), and others that
   use /etc/utmp will not know that an account is using that pseudo tty.

2) No program should be made setuid root just to workaround this problem.
   Setuid programs must be written very carefully to avoid creating yet
   more vulnerabilities.

3) The installation instructions on the syslogd patch do not point out
   that, until you stop and restart syslogd (or reboot the system),
   the old version is still running and the security hole has not been
   closed.