Bugtraq mailing list archives
Re: bin owned system files
From: beren () cosmos kaist ac kr (Jungseok Roh)
Date: Fri, 26 Jul 1996 07:03:57 -0900
In Solaris 2.x, many of the system files and directories are distributed with the owner as "bin" and the group as "bin". Many security publications warn against "root" executables that are not owned by "root". Are there any known problems/bugs/etc. with "root" executing system binaries owned by "bin" as long as the "bin" account is disabled in /etc/passwd. (i.e. * for password and /bin/false for the shell). Thanks, bob
hm..Solaris 2.4 has fatal drawbacks in CORE dump. if directory is group writable.. ex. /etc is owned by sys. then using Setgid utilities .. we can write SOMETHIN on those directories dumping the core .
******************************************************************* Bob Adams Eastman Kodak Company Systems Security Engineer 1447 St. Paul Street Email: adams () Kodak com Mail Code 37009 Phone: (716) 253-5281 Rochester, NY 14653-7009 Fax: (716) 253-5846 ******************************************************************
Current thread:
- bin owned system files Robert E. Adams (Jul 25)
- ? Trojan /usr/bin/false ? Jeremy Brinkley (Jul 25)
- Re: ? Trojan /usr/bin/false ? Elliot Lee (Jul 25)
- Re: bin owned system files Gene Spafford (Jul 25)
- Re: bin owned system files Colin Jenkins (Jul 26)
- Re: bin owned system files Gene Spafford (Jul 26)
- Re: bin owned system files Jungseok Roh (Jul 26)
- <Possible follow-ups>
- Re: bin owned system files William McVey (Jul 26)
- Re: bin owned system files dsiebert () icaen uiowa edu (Jul 26)
- Re: bin owned system files Bruce Barnett (Jul 26)
- ? Trojan /usr/bin/false ? Jeremy Brinkley (Jul 25)