[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security hole in Solaris 2.5 (sdtcm_convert) + exploit



At 09:36 AM 2/22/97 -0800, Mike Duvos wrote:
>> Another hole in Solaris
>Horrors no!  

.....

>Where would Unix be without symbolic links and race conditions?  
>
>This is cute, in that rather than having to mung a symbolic link on
>the fly, the program conveniently asks for user input with suid set,
>and then pauses while you set the trap.  

As with many programs from the BSD universe, it's running with
root privileges when it could have gotten by with group privileges
or run as "nobody" or some other safe approach instead....


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)