Bugtraq mailing list archives
Re: Solaris patchadd(1) (3) symlink vulnerabilty
From: Cy Schubert - ITSD Open Systems Group <Cy.Schubert () uumail gov bc ca>
Date: Thu, 21 Dec 2000 17:16:40 -0800
In message <3A4194BD.916CC630 () campus qro itesm mx>, "Juan M. Courcoul" writes:
"Juergen P. Meier" wrote: ...However: Sun Microsystems does recommend to only install patches at single-user mode (runlevel S). So no other possibly malicious user can exploit this ksh behaviour.True single-user mode, meaning the state of the machine after it starts with a 'boot -s' is, indeed, the safest state in which to apply patches, especially those that have systemwide consequences. However, application patches can be cautiously applied, like Sun recommends, "with the system with a minimum of activity". ...Always do init S before applying solaris patches. (especially if you do kernel or devicedriver patches, check your readme's).Unless you are running a recent (>= Solaris 7) version, I would emphatically recommend that you shut the machine down, start it with a 'boot -s', and then apply your recommended patches in THIS single-user mode. My experience with previous versions (we've been running Solaris hosts since 2.3) is that 'init S' does not garantee that all multiuser processes get killed, since not all of these have the corresponding Kxxx shutdown scripts in the appropiate rcX.d directory. Sure, users do get booted out, but the processes continue running happily, so you can still find yourself in a pickle.
One thing I used to do when I installed patches myself was to copy the system disk to another disk, mounted on /foobar. Then chroot to /foobar while in multi-user state and install patches there and boot from the /foobar disk, because installpatch -R did not work for a period of time. As I've delegated patch installation, I suspect that patchadd should be able to handle this as well. Make sure that /foobar's permissions are 700 or better yet make sure that foobar is mounted under a directory who's permissions are 700. This has the added benefit a simple backout procedure if you need to back out a set of patches quickly. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Team Leader, Sun/Alpha Team Internet: Cy.Schubert () osg gov bc ca Open Systems Group, ITSD, ISTA Province of BC
Current thread:
- Solaris patchadd(1) (3) symlink vulnerabilty Jonathan Fortin (Dec 18)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Matthew Potter (Dec 20)
- <Possible follow-ups>
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 19)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Dan Harkless (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Cy Schubert - ITSD Open Systems Group (Dec 22)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Szabo (Dec 20)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Peter W (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 22)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juan M. Courcoul (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Juergen P. Meier (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Paul Theodoropoulos (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Peter W (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Jonathan Fortin (Dec 21)
- Re: Solaris patchadd(1) (3) symlink vulnerabilty Neulinger, Nathan R. (Dec 21)