A defect in Solaris can allow a malicious user to gain root privileges by setting the value of the TERM environment variable to a very large string, which will cause a buffer overrun in the db_dumper and db_loader programs. This problem is documented in defect number CMBU00054886. The following patch releases, or ones that supersede them, include a fix for this problem:
Table 1 Patch Release That Fix Defect CMBU00054886
| For Release | Use Patch Bundle |
|---|---|
| ClearCase 4.0 | clearcase_p4.0-30 |
| ClearCase 4.1 | clearcase_p4.1-24 |
| ClearCase 4.2 | clearcase_p4.2-11 |
| ClearCase LT 4.2 | clearcase_lt_p4.2-5 |
| ClearCase 2002.05.00 (5.0) | clearcase_p2002.05.00-1 |
| ClearCase LT 2002.05.00 (5.0) | clearcase_lt_p2002.05.00-1 |
After you have applied the patch, you may need to take additional steps if you upgrade a ClearCase 4.x host to ClearCase 2002.05.00 (5.0) or move a VOB from a Clearcase 4.x host to a Clearcase 5.0 host and also change the VOB schema version. Before you can do this, you must first log on as root and run the following commands where vob-stg-dir is the VOB storage directory and vob_owner is the user name of the VOB owner:
cd vob-stg-dir/db
chown vob_owner v*
after which you can reformat any VOBs on the host as either root or the VOB owner.
If you cannot apply the patch or you are running a version of ClearCase that has been removed from support, use the following workaround on ClearCase hosts running any release of Solaris.
First, remove setuid privileges from the db_dumper and db_loader programs:
Log on to the host as root. (Hosts that are not configured to support local VOBs do not have any db_dumper or db_loader programs installed.)
Execute the following commands:
chmod u-s ccase-home-dir/etc/db_loader
chmod u-s ccase-home-dir/etc/dumpers/db_dumper.*
After you have done this, you may not be able to execute certain ClearCase utilities on the host until you follow one of the procedures below.
On hosts running ClearCase releases earlier than 5.0, you will not be able to run reformatvob or mkreplica on the host until you restore setuid privileges to the db_loader and appropriate db_dumper program. Use the following procedure:
Log on to the VOB host as root
Execute the following commands:
chmod u+s ccase-home-dir/etc/db_loader
chmod u+s ccase-home-dir/etc/dumpers/db_dumper.VOB-schema-version
where VOB-schema-version is one of 38, 53, or 54.
Each db_dumper program is specific to a VOB schema version, which is indicated in the numeric suffix (for example, db_dumper.53 dumps VOBs that use schema version 53). You should restore setuid privileges only on the db_dumper version(s) you need.
Reformat the VOB(s)
After you have finished reformatting VOBs on the host or running mkreplica, remove setuid privileges from the db_dumper and db_loader programs.
On hosts running ClearCase 5.0, you will not be able to reformat any VOB created on ClearCase 4.x (a VOB you have moved from a 4.x host, for example) until you change the ownership of VOB database files using the following procedure:
Log on to the VOB host as root.
For each VOB on the host, execute the following commands, where VOB-storage-directory is the host-local path to the VOB storage directory and VOB-owner is the user ID of the VOB owner:
cd VOB-storage-directory/db
chown VOB-owner v*
Reformat the VOB as the VOB owner or root.
If you have any questions regarding the situations discussed in this Technical Bulletin, please contact Rational Customer Support via telephone, fax, or electronic mail as described below. For information regarding support hours, languages spoken, or other support information, click the Technical Support link on the Rational Web site at www.rational.com.
| Your Location | Telephone | Facsimile | Electronic Mail |
|---|---|---|---|
| North America | 800-433-5444 toll free or 408-863-4000 Cupertino, CA |
408-863-4194 Cupertino, CA 781-676-2460 Lexington, MA |
support@rational.com |
| Europe, Middle East, and Africa | +31-(0)20-4546-200 Netherlands | +31-(0)20-4546-201 Netherlands | support@europe.rational.com |
| Asia Pacific | 61-2-9419-0111 Australia | 61-2-9419-0123 Australia | support@apac.rational.com |
Technical Bulletin Number 44 - 01/23/02