Bugtraq mailing list archives

Re: [SRT2001-10] - scoadmin /tmp issues

From: KRFinisterre () checkfree com
Date: Wed, 23 May 2001 13:56:35 -0400


I am sorry it was a typo the os is as follows.

SCO_SV unixdev 3.2 5.0.5 i386
$ ln -s /etc/passwd /tmp/tclerror.1195.log
$ ls -al /tmp/tclerror.1195.log
 lrwxrwxrwx   1 kevin    supp          11 May 23 13:47
/tmp/tclerror.1195.log -> /etc/passwd



                                                                                       
                    Matt Schalit                                                       
                    <mschalit@pac        To:     Richard Johnson <thief () snosoft com>   
                    bell.net>            cc:     bugtraq () securityfocus com,            
                                         "Recon@Snosoft. Com" <recon () snosoft com>      
                    05/23/01             Subject:     Re: [SRT2001-10] - scoadmin /tmp 
                    01:39 PM             issues                                        
                                                                                       
                                                                                       




Hello Sir:


Richard Johnson wrote:


======================================================================
Strategic Reconnaissance Team Security Advisory(SRT2001-09)
Topic: scoadmin /tmp issues
Vendor: Santa Cruz Operations
Release Date: 05/07/01
======================================================================


[snip...]

.: Systems Affected
Unixware 5.x



  You bring to light various issues with software issued by the
"Santa Cruz Operations" (sic).  I'm sure they would prefer that
you call them by their correct name, the Santa Cruz Operation, or
simple SCO.

  The SCO server division has been acquired by Caldera, and
www.sco.com now points you to Caldera, for those of you who
may not know.


  SCO has two OS lines that have the following release history:

    UnixWare                              OpenServer
  ------------------                --------------------------
   ...                                  ...
   Unixware 2.1.2                       Unix System 5 Release 3.2v4.0
   Unixware 2.1.3                       Unix System 5 Release 3.2.4.2
   Unixware 7.0.0                       OpenServer 5.0.0
   Unixware 7.0.1                       OpenServer 5.0.2
   Unixware 7.1.0                       OpenServer 5.0.4
   Unixware 7.1.1  <-- Current          OpenServer 5.0.5
                                        OpenServer 5.0.6   <--- Current.


I spent about 15 minutes searching the net and the ng's for any reference
to a "UnixWare 5" or a "UnixWare 5.x" that you refer to with no success.

Would you please clarify for the rest of us exactly what OS you
see this problem with.  Please include the output of

      uname -a

.: Proof of Concept
ln -s /etc/passwd /tmp/tclerror.1195.log



This doesn't work on UnixWare 7.1.1.

   $ ln -s /etc/passwd /tmp/tclerror.1195.log
   UX:ln: ERROR: Cannot create /tmp/tclerror.1195.log: Not privileged




Regards,
Matthew Schalit
SCO ACE, Maintainer of the Uw7 FAQ.

Current thread:

[SRT2001-10] - scoadmin /tmp issues Richard Johnson (May 22)
- Re: [SRT2001-10] - scoadmin /tmp issues Matt Schalit (May 23)
- <Possible follow-ups>
- [SRT2001-10] - scoadmin /tmp issues Richard Johnson (May 22)
- Re: [SRT2001-10] - scoadmin /tmp issues KRFinisterre (May 23)