Bugtraq mailing list archives
Re: Exploiting Zolaris 2.4 ?? :)
From: leif () netscape com (Leif Hedstrom)
Date: Sun, 4 Aug 1996 14:29:11 -0700
David DeSimone writes: Even if a program can dump core into a writable directory, that is not the same thing as being able to overwrite a file. If you make a symlink core -> /etc/passwd, the dump will only succeed if /etc/passwd is also writable by the setgid group. If that's the case, then you are in
How about (as proposed in the first posting) creating /usr/sbin/rtc? Or, if you have some patience, create a file in /etc/rc2.d (for instance)? -- Leif
Current thread:
- Re: Exploiting Zolaris 2.4 ?? :) Leif Hedstrom (Aug 04)
- <Possible follow-ups>
- Re: Exploiting Zolaris 2.4 ?? :) Fletch (Aug 04)
- Re: your mail Greg Woods (Aug 05)
- Re: your mail neill (Aug 05)
- PAM login programs? Josh Wilmes (Aug 05)
- procmail DANIEL .D .EZEKIEL (Aug 05)
- (Fwd) CERT Advisory CA-96.17 - Vulnerability in Solaris vold Hubert Feyrer (Aug 06)
- Re: procmail Adam Shostack (Aug 06)
- Re: procmail Jon Lewis (Aug 06)
- Re: procmail Neil Soveran-Charley (Aug 06)
- Re: procmail James Wang (Aug 06)
- Re: your mail Greg Woods (Aug 05)