[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security hole in Solaris 2.5 (sdtcm_convert) + exploit

To: [email protected] (Mike Duvos)
Subject: Re: Security hole in Solaris 2.5 (sdtcm_convert) + exploit
From: Bill Stewart <[email protected]>
Date: Sat, 22 Feb 1997 16:08:19 -0800
Cc: [email protected]
In-Reply-To: <[email protected]>
References: <[email protected]>
Sender: [email protected]

At 09:36 AM 2/22/97 -0800, Mike Duvos wrote:
>> Another hole in Solaris
>Horrors no!  

.....

>Where would Unix be without symbolic links and race conditions?  
>
>This is cute, in that rather than having to mung a symbolic link on
>the fly, the program conveniently asks for user input with suid set,
>and then pauses while you set the trap.  

As with many programs from the BSD universe, it's running with
root privileges when it could have gotten by with group privileges
or run as "nobody" or some other safe approach instead....

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)

References:
- Security hole in Solaris 2.5 (sdtcm_convert) + exploit
  - From: Cristian SCHIPOR <[email protected]>
- Re: Security hole in Solaris 2.5 (sdtcm_convert) + exploit
  - From: [email protected] (Mike Duvos)

Prev by Date: Re: IDEA/Strength?
Next by Date: Re: DES Crack Hype
Prev by thread: Re: Security hole in Solaris 2.5 (sdtcm_convert) + exploit
Next by thread: Re: DES Crack Hype
Index(es):
- Date
- Thread