Bugtraq mailing list archives

/usr/bin/solstice under solaris 5.5

From: gkaufman () cs uct ac za (Grant Kaufmann)
Date: Fri, 18 Oct 1996 09:36:56 +0200


/usr/bin/solstice is a program launcher under solaris 2.5
Unfortunately, for some reason, it is distributed set-gid bin,
and politely launches any programs without revoking this.
The exploit:

---
(ignore any warnings/errors along the way)
/usr/bin/solstice
click Launcher
click Add Applications
fill in any arbitary things for the fields, stick the program
        you want to run as setgid bin (or create a sgid shell)
click on the icon which appears with your app name.
---


As an aside, is there any reason why Solaris distributes
with so many important (like /etc and /bin) as writable by
group? This really converts a lot of not-so-dangerous
set-gid vulnerabilities to root vulnerabilities.


--
Grant
--
http://www.cs.uct.ac.za/~gkaufman/pgp.html

Current thread:

/usr/bin/solstice under solaris 5.5 Grant Kaufmann (Oct 18)
- Re: /usr/bin/solstice under solaris 5.5 Casper Dik (Oct 19)
- Urgent !! Serious Linux Security Bug.... Jake the Prince (Oct 19)
  - Re: Urgent !! Serious Linux Security Bug.... The Cowzilla Man (Oct 19)
  - Re: Urgent !! Serious Linux Security Bug.... TriumpH (Oct 20)
    - Ping Crashes Erik Fichtner (Oct 22)
    - Re: Urgent !! Serious Linux Security Bug.... Kim Alm (Oct 22)
  - Re: Urgent !! Serious Linux Security Bug.... Darren Reed (Oct 22)
- <Possible follow-ups>
- /usr/bin/solstice under solaris 5.5 Scriptors of DOOM (Oct 18)