Patch-ID# 101631-02 Keywords: keypad nodelay security root permission mouse Synopsis: SunOS 5.3: kd and ms fixes Date: Oct/17/94 Solaris Release: 2.3 SunOS release: 5.3 Unbundled Product: Unbundled Release: Topic: SunOS 5.3: kb and ms fixes BugId's fixed with this patch: 1149609 1174516 Changes incorporated in this version: 1174516 Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /kernel/strmod/kb /kernel/strmod/ms Problem Description: 1174516 bug in mouse code makes "break root" attack possible This patch fixes a security hole. The security hole made break root attacks possible. (from 101631-01) 1149609 keypad() fails when used with nodelay() The generated code from a FUNCTION_KEY will be sent in one message block so that a nodelay read will read off all the bytes in one read and recognise that a FUNCTION_KEY has been pressed. Patch Installation Instructions: -------------------------------- Generic 'installpatch' and 'backoutpatch' scripts are provided within each patch package with instructions appended to this section. Other specific or unique installation instructions may also be necessary and should be described below. Special Install Instructions: ----------------------------- none