Bugtraq mailing list archives
Re: setuid scripts in SunOS 4.1.x
From: jhawk () panix com (John Hawkinson)
Date: Fri, 23 Sep 1994 00:27:50 -0400 (EDT)
The best solution is to make sure you don't have suid shell scripts. Cops does a fine job in finding them for you; so does:

    find / \( -type d -fstype nfs -prune \) -o -type f \( -perm -4001 -o -perm -4010 -o -perm -4100 -o -perm -2100 -o -perm -2010 -o -perm -2001 \) -print

If I remember correctly SunOS 4.1.x is just one of those UNIX systems that allows suid shell scripts. I don't think this will be 'fixed'. But you can always try to mail security-alert () Sun COM.

Of course you can always mount your filesystems `nosuid'.

The "correct" thing to do is to patch kern_exec.c (kern_exec.o). This is nontrivial if you don't have source. It's trivial if you do (I don't). No one has done this publicly as of yet.

Thinking about it, I wonder if the BSD kern_exec is "good enough". If so, perhaps it could be substituted. Anyone? (Casper?)

--
John Hawkinson
jhawk () panix com
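
Added example, not part of the original thread: the find command quoted in the message lists every set-id executable, and this sh function narrows that result to files beginning with `#!`, which are the scripts under discussion. The function names and sample file names are hypothetical, and a find that supports -fstype is assumed.

```shell
#!/bin/sh
# Added example, not from the original thread.

# List setuid/setgid regular files under the given directories whose first two
# bytes are "#!", i.e. files the kernel would hand to an interpreter.
# NFS mounts are pruned as in the quoted command. Assumption: -perm -4000 /
# -2000 replaces the quoted mode list, so a set-id file is reported even when
# no execute bit is set. find errors (unreadable directories) are discarded,
# and paths containing newlines are not handled.
find_suid_scripts() {
    find "$@" \( -type d -fstype nfs -prune \) -o \
        -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Read only the two magic bytes; skip files that cannot be read.
        magic=$(dd if="$f" bs=1 count=2 2>/dev/null) || continue
        if [ "$magic" = '#!' ]; then
            # Output: path, a tab, then the interpreter line.
            printf '%s\t%s\n' "$f" "$(head -n 1 "$f")"
        fi
    done
}

# Constructed sample tree (hypothetical file names); prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hi\n' > "$d/suid_script.sh"
    printf '#!/bin/sh\necho hi\n' > "$d/plain_script.sh"
    printf '\177ELF' > "$d/suid_binary"
    chmod 4755 "$d/suid_script.sh" "$d/suid_binary"
    chmod 0755 "$d/plain_script.sh"
    printf '%s\n' "$d"
}

# When run as a script with directory arguments, scan them.
if [ "$#" -gt 0 ]; then
    find_suid_scripts "$@"
fi
```

Run it as root over local filesystems so unreadable directories are not silently skipped.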