Bugtraq mailing list archives
Solaris 2.5* ACLs and /dev/kmem access
From: abe () vic cc purdue edu (Vic Abell)
Date: Wed, 28 Aug 1996 12:44:06 -0500
ACLs seem a better method for empowering specific programs to read the memory devices (/dev/drum, dev/kmem, /dev/mem, /dev/swap, etc.) that does group assignment to those devices. That's particularly true when the group that owns the memory devices has other powers like ownership of directories and files. Both AIX and Solaris share this latter, questionable trait. Under AIX 4.1.4 it's possible to create a new group -- the familiar kmem to some of us -- that is the setgid() destination for programs permitted to use the memory devices. The ACLs for the memory devices can then be modified to permit members of the kmem group to read them. Doing that under Solaris 2.5 or 2.5.1 doesn't seem to be possible. The setfacl program reports: # setfacl -m u:<login>:r-- /dev/kmem /dev/kmem: failed to set acl entries setacl error: Operation not applicable or # ls -l /dev/kmem lrwxrwxrwx 1 root root ... /dev/kmem -> ../devices/pseudo/mm@0:kmem # setfacl -m u:<login>:r-- /devices/pseudo/mm@0:kmem /devices/pseudo/mm@0:kmem: failed to set acl entries setacl error: Operation not applicable (I've tried this on Solaris 2.5 and 2.5.1.) Is there a good reason Solaris 2.5* doesn't support setacl operation on memory devices? Or am I doing something wrong? Vic Abell <abe () purdue edu>
Current thread:
- Re: Tired of /tmp? Here's a proposed solution, (continued)
- Re: Tired of /tmp? Here's a proposed solution Sean B. Hamor (Aug 28)
- Re: Tired of /tmp? Here's a proposed solution mdr () vodka sse att com (Aug 28)
- Rlogin vulnerabilty Gabriele Avosani (Aug 28)
- Re: Tired of /tmp? Here's a proposed solution Matthew J Brown (Aug 28)
- ftpbounce-0.1.tar.gz Rune Braathen (Aug 27)
- Re: [BUG] Vulnerability in PINE Rage-303.tr (Aug 27)
- Re: [BUG] Vulnerability in PINE Linux Mailing Lists (Aug 28)
- Re: [BUG] Vulnerability in PINE Sean B. Hamor (Aug 28)
- Re: [BUG] Vulnerability in PINE Jason Haar (Aug 29)
- HOLE: Unixware 2.03: crontab -e Hannu Laurila (Aug 29)
- Solaris 2.5* ACLs and /dev/kmem access Vic Abell (Aug 28)