Bugtraq mailing list archives
/usr/bin/solstice under solaris 5.5
From: gkaufman () cs uct ac za (Grant Kaufmann)
Date: Fri, 18 Oct 1996 09:36:56 +0200
/usr/bin/solstice is a program launcher under solaris 2.5.
Unfortunately, for some reason, it is distributed set-gid bin, and politely launches any programs without revoking this.

The exploit:
---
(ignore any warnings/errors along the way)
/usr/bin/solstice
click Launcher
click Add Applications
fill in any arbitrary things for the fields, stick the program you want to run as setgid bin (or create a sgid shell)
click on the icon which appears with your app name.
---

As an aside, is there any reason why Solaris distributes with so many important (like /etc and /bin) as writable by group? This really converts a lot of not-so-dangerous set-gid vulnerabilities to root vulnerabilities.

-- Grant
--
http://www.cs.uct.ac.za/~gkaufman/pgp.html
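The remedy for the behaviour reported above is for a set-gid launcher to give up its group privilege before it runs anything on the user's behalf. A C sketch of that step, added here as an illustration and not taken from the post or from Solaris; the function names `drop_setgid` and `launch_unprivileged` are hypothetical, and the process is assumed not to be running with a root effective uid:

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently drop any set-gid privilege. Returns 0 on success, -1 on failure. */
int drop_setgid(void)
{
    gid_t rgid = getgid();       /* group of the invoking user */
    gid_t old_egid = getegid();  /* group gained from the set-gid bit, if any */

    /* Setting real and effective gid together also resets the saved gid. */
    if (setregid(rgid, rgid) != 0)
        return -1;

    /* Verify: a formerly set-gid process must not be able to switch back. */
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    if (getegid() != rgid)
        return -1;
    return 0;
}

/* Run argv[0] in a child with the privilege dropped. Returns the child's exit
 * status, 126 if the drop failed, 127 if exec failed, -1 on fork/wait error. */
int launch_unprivileged(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_setgid() != 0)
            _exit(126);          /* refuse to exec while still privileged */
        execv(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const cmd[] = { "/bin/sh", "-c", "id", NULL };  /* constructed sample */
    printf("child exit status: %d\n", launch_unprivileged(cmd));
    return 0;
}
```

The drop is done in the child after `fork`, so the launcher itself keeps whatever group access it needs while the launched program runs with the invoking user's group only.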