Bugtraq mailing list archives

Re: Solaris 2.3 login


From: shipley () merde dis org (Evil Pete)
Date: Fri, 12 Aug 1994 11:46:39 -0700


From: John Tipper, Open Client/Server Group
*** Resending note of 12/08/94 13:44
Classification:  -- NONE --
Subject: Core Dumps

Hi,

I'm new to this area, and to bugtraq, so please bear with me if this note
is in the wrong format, or doesn't belong here.

Can someone please explain what the security implications are if a
program results in a coredump? I have discovered several programs here on
my machines that can result in these.  How could an intruder use these to
gain access?  What are the best ways of combatting this?

Thanks,

In the case of login, if login dumps there is a chance that you can
get a "page" from the shadow password file in the dump; thus if you do this
a few times you can get a copy of the shadow password file.

Also it depends on the system. An old "get root quick" method was to do
the following

        ln -s /etc/passwd ./core

then get something to dump core and it might overwrite a system file.
If your binary has a string that looks like a valid password line you
might get root.  (This assumes the kernel core_dump function will
follow links, which is not the case under current versions of BSD.)


        -Pete
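
The two risks Pete describes above, as an added example that is not part of the original thread and not code from either poster: a scanner that pulls passwd/shadow-shaped records out of a core image (the "page from the shadow file" leak), and a check that crashes a throwaway child in a scratch directory where ./core is a symlink to a harmless file, to see whether the running kernel writes the dump through the link (the ln -s /etc/passwd ./core trick) or refuses it. The sample core bytes, the file name victim.txt and the verdict strings are assumptions made up for this example; nothing touches /etc/passwd.

```python
#!/usr/bin/env python3
"""Core-dump audit helpers (added example; not from the original Bugtraq post).

scan_for_passwd_lines(): find passwd/shadow-style records in a core image.
core_follows_symlink(): does this kernel dump core through a symlinked ./core?
"""
import os
import re
import resource
import subprocess
import tempfile

# What strings(1) would print: runs of printable ASCII, 8 bytes or longer.
# Newline is outside 0x20-0x7e, so runs never span lines.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{8,}")

# name:password:<digits>:<digits>:... covers both /etc/passwd (uid:gid)
# and shadow records (lastchanged:min:...). Password field may be empty.
RECORD = re.compile(rb"[a-z_][a-z0-9_-]{0,31}:[^:]*:\d*:\d*:.*")

# Constructed sample core: ELF-ish header, one passwd line, one shadow line,
# binary junk and an unrelated string. Not a real dump.
SAMPLE_CORE = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 16
    + b"root:x:0:0:root:/root:/bin/sh\n"
    + b"\xde\xad\xbe\xef" * 8
    + b"root:$6$saltsalt$hashhashhash:19000:0:99999:7:::\n"
    + b"\x00" * 32
    + b"not a record at all\n"
)

MARKER = b"untouched\n"


def scan_for_passwd_lines(core_bytes):
    """Return every passwd- or shadow-shaped record found in a core image."""
    return [run for run in PRINTABLE_RUN.findall(core_bytes) if RECORD.fullmatch(run)]


def looks_like_shadow(record):
    """A shadow record has 9 colon-separated fields; passwd has 7."""
    return len(record.split(b":")) == 9


def _crash_child(cwd):
    """Run a child that SIGABRTs itself in cwd; return the set of new file names."""
    before = set(os.listdir(cwd))
    try:
        subprocess.run(["sh", "-c", "kill -ABRT $$"], cwd=cwd,
                       stderr=subprocess.DEVNULL, check=False)
    except OSError:
        return None
    return set(os.listdir(cwd)) - before


def core_follows_symlink():
    """Verdicts (assumed labels): "followed" (target overwritten through the
    link), "not-followed" (a dump landed elsewhere despite the link, e.g. a
    core.%p pattern), "refused" (dumps work normally but not when ./core is a
    link), "no-core" (no dump at all: limit 0 or dumps piped to a handler),
    "unavailable" (could not spawn the crashing child)."""
    soft, hard = resource.getrlimit(resource.RLIMIT_CORE)
    try:
        resource.setrlimit(resource.RLIMIT_CORE, (hard, hard))
    except (ValueError, OSError):
        pass
    try:
        with tempfile.TemporaryDirectory() as d:
            target = os.path.join(d, "victim.txt")      # stands in for /etc/passwd
            with open(target, "wb") as f:
                f.write(MARKER)
            os.symlink(target, os.path.join(d, "core"))
            left = _crash_child(d)
            if left is None:
                return "unavailable"
            with open(target, "rb") as f:
                if f.read() != MARKER:
                    return "followed"
            if left:
                return "not-followed"
        # Control run with no symlink: tells "refused" apart from "no-core".
        with tempfile.TemporaryDirectory() as d:
            return "refused" if _crash_child(d) else "no-core"
    finally:
        resource.setrlimit(resource.RLIMIT_CORE, (soft, hard))


if __name__ == "__main__":
    for rec in scan_for_passwd_lines(SAMPLE_CORE):
        kind = "shadow" if looks_like_shadow(rec) else "passwd"
        print(f"{kind}: {rec.decode()}")
    print("symlinked ./core:", core_follows_symlink())
```

Run the scanner against a real dump with `scan_for_passwd_lines(open("core", "rb").read())`; on a modern system the symlink check is expected to come back "refused" or "no-core", and "followed" is the result worth escalating.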


