Bugtraq mailing list archives

Re: Exploiting Zolaris 2.4 ?? :)

From: leif () netscape com (Leif Hedstrom)
Date: Sun, 4 Aug 1996 14:29:11 -0700

David DeSimone writes:
Even if a program can dump core into a writable directory, that is not
the same thing as being able to overwrite a file.  If you make a symlink
core -> /etc/passwd, the dump will only succeed if /etc/passwd is also
writable by the setgid group.  If that's the case, then you are in


How about (as proposed in the first posting) creating /usr/sbin/rtc? Or,
if you have some patience, create a file in /etc/rc2.d (for instance)?

-- Leif

Current thread:

Re: Exploiting Zolaris 2.4 ?? :) Leif Hedstrom (Aug 04)
- <Possible follow-ups>
- Re: Exploiting Zolaris 2.4 ?? :) Fletch (Aug 04)
  - Re: your mail Greg Woods (Aug 05)
    - Re: your mail neill (Aug 05)
  - PAM login programs? Josh Wilmes (Aug 05)
    - procmail DANIEL .D .EZEKIEL (Aug 05)
    - (Fwd) CERT Advisory CA-96.17 - Vulnerability in Solaris vold Hubert Feyrer (Aug 06)
    - Re: procmail Adam Shostack (Aug 06)
    - Re: procmail Jon Lewis (Aug 06)
    - Re: procmail Neil Soveran-Charley (Aug 06)
    - Re: procmail James Wang (Aug 06)

(Thread continues...)