Bugtraq mailing list archives

wabi 2.2 sol 2.x and more, SUN, The insecure network is the ,

From: frantic () storm certix fr (Anthony C. Zboralski)
Date: Fri, 9 Aug 1996 16:53:56 +0200


I remember starting a flame on ids 'cause i said Solaris 2.5 was not
secure.

# uname -a
SunOS webbar 5.5 Generic sun4m

i dunno what happened to the guyz at sun .. but they must stop dope..

even with a default umask of 077.. when i installed wabi 2.2 (SUNWwabi),
look at what i got :

and this is only a small cutout the whole package is like that:

/opt/SUNWwabi:
total 8
lrwxrwxrwx   1 root     other          13 Jul 10 13:37 SUNWwabi ->
/opt/SUNWwabi/
drwxrwxrwx   2 root     other         512 May 24 14:42 bin/
drwxrwxrwx   2 root     other         512 May 21 11:23 drvr/
drwxrwxrwx   2 root     other        1024 May 21 11:23 icons/
drwxrwxrwx   3 root     other         512 May 21 11:24 lib/
drwxrwxrwx   3 root     other         512 May 21 11:24 man/
drwxrwxrwx   2 root     other         512 May 21 11:24 printers/
drwxrwxrwx   5 root     other        1024 May 21 11:24 wbin/

/opt/SUNWwabi/bin:
total 6461
-rwxrwxrwx   1 root     other       19593 May 21 11:32 wabi*
-rwxrwxrwx   1 root     other       11272 May 21 11:23 wabiclientinstall*
-rwxrwxrwx   1 root     other      426344 May 21 11:23 wabifs*
-rwxrwxrwx   1 root     other       10472 May 21 11:23 wabimakelower*
-rwxrwxrwx   1 root     other        6904 May 21 11:23 wabiplatform*
-rwxrwxrwx   1 root     other     3026456 May 21 11:23 wabiprog*
-rwxrwxrwx   1 root     other     3038148 May 21 11:23 wabiprog.8+*
-rwxrwxrwx   1 root     other       34432 May 21 11:23 wabiwintegrate*
lrwxrwxrwx   1 root     other           6 Jul 10 13:36 wbin -> ../bin/


better chmod -R og-w /opt/SUNWwabi/

but it is not only wabi:

/etc:
drwxrwxrwx   3 root     root          512 Jul 13 17:17 openwin/

/etc/openwin:
total 1
drwxrwxrwx   3 root     root          512 Jul 13 17:17 devdata/

/etc/openwin/devdata:
total 1
drwxrwxrwx   2 root     root          512 Jul 13 17:17 profiles/

/etc/openwin/devdata/profiles:
total 4
-rw-rw-rw-   1 root     root          928 Aug  8 18:51 DirectColor0x23:0.0
-rw-rw-rw-   1 root     root          928 Aug  8 18:51 PseudoColor0x22:0.0
-rw-rw-rw-   1 root     root          928 Aug  8 18:51 StaticColor0x25:0.0
-rw-rw-rw-   1 root     root          924 Aug  8 18:51 TrueColor0x26:0.0

/opt/SUNWits/Graphics-sw/xil/examples:
total 4
drwxrwxrwx   2 bin      bin           512 Jul  3 13:11 rtvc_capture_movie/
drwxrwxrwx   2 bin      bin           512 Jul  3 13:11 rtvc_display/
drwxrwxrwx   2 bin      bin           512 Jul  3 13:11
rtvc_video_conference/
drwxr-xr-x   2 bin      bin           512 Jul  3 13:11 test/

/var/adm:
-rw-rw-rw-   1 bin      bin             0 Jul  3 12:40 spellhist
-rw-rw-rw-   1 root     root          165 Jul 23 18:03 vold.log

/var/adm/log:
total 4
-rw-rw-rw-   1 root     root         3544 Aug  8 17:20 asppp.log

/var:
drwxrwxrwx   4 root     root          512 Aug  8 17:21 dt/
drwxrwxrwx   2 bin      bin           512 Jul  3 12:39 news/
drwxrwxrwx   4 bin      bin           512 Jul 27 21:37 preserve/

/var/dt:
total 8
drwxrwxrwx   3 bin      bin           512 Jul  3 13:59 appconfig/
drwxrwxrwx  10 bin      bin           512 Aug  8 17:45 tmp/

/var/dt/appconfig:
total 1
drwxrwxrwx   5 bin      bin           512 Aug  5 15:02 appmanager/

/var/spool:
total 9
drwxrwxrwx   2 bin      bin           512 Jul  3 12:39 pkg/


/var/log:
total 224
-rw-rw-rw-   1 root     other       20071 Aug  8 20:12 syslog
-rw-rw-rw-   1 root     other       42350 Aug  3 02:30 syslog.0
-rw-rw-rw-   1 root     other       30974 Jul 27 02:43 syslog.1
-rw-rw-rw-   1 root     other       53224 Jul 20 02:30 syslog.2
-rw-rw-rw-   1 root     other       57099 Jul 12 18:18 syslog.3

/var/lp/logs:
total 6
-rw-rw-rw-   1 root     root          789 Aug  8 17:20 lpNet
-rw-rw-rw-   1 root     root          568 Aug  8 17:20 lpsched

/var/saf:
total 7
-rw-rw-rw-   1 root     root         5256 Aug  8 17:21 _log

/var/spool:
total 9
drwxrwsrwt   2 daemon   daemon        512 Jul 23 17:51 calendar/
drwxrwxrwx   2 bin      bin           512 Jul  3 12:39 pkg/
drwxrwxrwt   2 uucp     uucp          512 Jul  3 13:01 uucppublic/

/var/spool/lp/fifos:
total 2
prw-rw-rw-   1 lp       lp              0 Jul  3 13:20 FIFO|
drwxrwx-wx   2 lp       lp            512 Jul 17 19:57 public/

/usr/oasys/tmp:
total 0
-rw--w--w-   1 bin      bin             0 Oct 25  1995 TERRLOG

Current thread:

wabi 2.2 sol 2.x and more, SUN, The insecure network is the , Anthony C. Zboralski (Aug 09)
- Re: wabi 2.2 sol 2.x and more, SUN, The insecure network is the , Herold Heiko (Aug 10)
  - Re: wabi 2.2 sol 2.x and more, SUN, The insecure network is the , Greg Woods (Aug 12)
- <Possible follow-ups>
- Re: wabi 2.2 sol 2.x and more, SUN, The insecure network is the , Bruce Barnett (Aug 12)
- Re: wabi 2.2 sol 2.x and more, SUN, The insecure network is the , Sean Fuller (Aug 14)