Bugtraq mailing list archives
Re: Solaris 7 and solaris 8 file permissions
From: jkatz () IN NET (Jonathan [no, I don't write for /.] Katz)
Date: Sun, 23 Jan 2000 16:46:46 -500
On Sat, 22 Jan 2000, Steve Dispensa wrote:
pa:/var/adm$ ls -ld spellhist -rw-rw-rw- 1 bin bin 0 Dec 15 07:28 spellhist pa:/var/adm$ ls -ld vold.log -rw-rw-rw- 1 root root 3063 Jan 22 00:48 vold.log
This is OLD. Sun just hasn't fixed it yet. See the old CPIO Advisory on this: http://www.in.net/~jkatz/infosec/009.txt Casper Dik's "fix-modes" script from: ftp://ftp.wins.uva.nl/pub/solaris/ is still valid. Take Care! -Jon PS, here's a repost of the old advisory: **************** CPIO Security Notice **************** Issue Number 9: 971208 Topic: Solaris /var Permission problems Platforms: Solaris 2.5.1, 2.6 / SPARC; possibly 2.5. **** Solaris /var permission problems **** Both Solaris 2.5.1 and Solaris 2.6 leave remarkably exploitable permissions on files and directories in /var after a default install. After patch installs, many of these highly insecure permissions still exist. Others may have noticed this behaviour, but no one at CPIO has yet seen it summarized or published. Careful examination of both operating systems (OK, running find(1) :) ) on sun4c, sun4m, and sun4u platforms yielded the following results. Solaris for x86 platforms may be similarly affected. After checking all machines with the same set of commands, we have found the following permission problems with these files: Solaris 2.5.1: /var/adm/vold.log (mode 666, root:root) /var/adm/spellhist (mode 666, bin:bin) /var/adm/messages (mode 666, root:other) NOTE: this is the first set of permissions on this file. newsyslog fixes this during t he archive process. /var/adm/log/asppp.log (mode 666, root:root) /var/news (directory, mode 777, bin:bin) /var/log/syslog (mode 666, root:other) On initial install, this is 664, but when rolled over, becomes 666. Patch 104613 fixes this. /var/log/sysidconf.log (mode 777, root:other) /var/sadm/install/.pkg.lock (mode 666, root:root) /var/spool/lp/fifos/FIFO (mode 666, lp:lp) /var/lp/logs/lpsched (mode 666, root:root) /var/lp/logs/lpNet (mode 666, root:root) /var/preserve (directory, mode 777, bin:bin) /var/spool/pkg (directory, mode 777, bin:bin) Solaris 2.6: /var/adm/vold.log (mode 666, root:root) /var/adm/spellhist (mode 666, bin:bin) /var/log/sysidconf.log (mode 777, root:other) /var/saf/_log (mode 666, root:root) /var/dmi/db/1l.comp (mode 666, root:root) /var/dmi/db/1l.tbl (mode 666, root:root) /var/snmp/snmpdx.st (mode 666, root:root) /var/snmp/snmpdx.st.old (mode 666, root:root) PATCHES AND FIXES Some patches fix some problems-- patch 104613 fixes the /var/log/syslog problem on 2.5.1. In addition, Casper Dik has a program called "fix-modes" which is available from ftp://ftp.wins.uva.nl/pub/solaris/ This fixes many of the descrepancies detailed here. CREDITS Contributed by CPIO. Jonathan Katz compiled the final bad permissions lists. The CPIO Team <consulting () cpio org> Jonathan Katz <jkatz () cpio org>
Current thread:
- Solaris 7 and solaris 8 file permissions Steve Dispensa (Jan 22)
- Re: Solaris 7 and solaris 8 file permissions Jonathan [no, I don't write for /.] Katz (Jan 23)
- Re: Solaris 7 and solaris 8 file permissions Casper Dik (Jan 24)
- <Possible follow-ups>
- Re: Solaris 7 and solaris 8 file permissions Darren Moffat - Solaris Sustaining Engineering (Jan 24)