Vulnerability Development mailing list archives

Re: volcheck and sol 8

From: arboi () BIGFOOT COM (Michel Arboi)
Date: Thu, 20 Jul 2000 22:20:39 +0200

"MP" == Matthew Potter <mpotter () ATPCO COM> writes:


    MP> Anyone notice when they insert their goodies CD(the one with
    MP> the GNU Tools) from Solaris 8 that it auto runs a script
    MP> called volstart.

Which user is running volstart? root?

    MP> So what happens if I make my own CD with a little shell script
    MP> which calls a prebuilt binary with a setuid and setgid 0 ,
    MP> then system("/bin/sh")....  or what ever i want.

I am not sure there is a way to set the setUID bit on a CD (are UFS CD
still supported?), however, you may not need this.

    MP> It's silly since i have physical access anyways....

This way, you can send a CD with a trojan horse.
Funny... This is a classical trick on Windows. "Always disable the
autorun feature" :)

--
mailto:arboi () bigfoot com     http://www.bigfoot.com/~arboi/
GPG Public keys: http://www.bigfoot.com/~arboi/pubkey.txt

Current thread:

Re: volcheck and sol 8 Dimitry Andric (Jul 20)
- <Possible follow-ups>
- Re: volcheck and sol 8 Michel Arboi (Jul 20)
  - Re: volcheck and sol 8 Matthew Potter (Jul 20)
- Re: volcheck and sol 8 Marius Banica (Jul 20)
- Re: volcheck and sol 8 Jeffrey Karpenko (Jul 21)
- Re: volcheck and sol 8 Havens, Peter (Jul 21)
- Re: volcheck and sol 8 Michel Arboi (Jul 21)
  - Re: volcheck and sol 8 Sarel J. Botha (Jul 23)
  - Re: volcheck and sol 8 Brian Scanlan (Jul 24)