Bugtraq mailing list archives
Solaris 7 and solaris 8 file permissions
From: dispensa () MAVERICK MWIS NET (Steve Dispensa)
Date: Sat, 22 Jan 2000 13:52:21 -0600
Problem: SOLARIS 7: pa:/var/adm$ ls -ld spellhist -rw-rw-rw- 1 bin bin 0 Dec 15 07:28 spellhist pa:/var/adm$ ls -ld vold.log -rw-rw-rw- 1 root root 3063 Jan 22 00:48 vold.log pa:/var/adm$ uname -a SunOS pa.hick.org 5.7 Generic sun4m sparc SUNW,SPARCstation-5 pa:/var/adm$ echo "Hmmm, neat, that's nice of SUN to let me write to these files in /var/adm." >> spellhist pa:/var/adm$ echo "Let's get rid of the vold.log, shall we?" > vold.log pa:/var/adm$ cat spellhist Hmmm, neat, that's nice of SUN to let me write to these files in /var/adm. pa:/var/adm$ cat vold.log Let's get rid of the vold.log, shall we? pa:/var/adm$ id uid=100(mmiller) gid=10(staff) pa:/var/adm$ SOLARIS 8: viper:/var/adm$ ls -ld spellhist -rw-rw-rw- 1 root bin 0 Jan 12 16:38 spellhist viper:/var/adm$ id uid=1003(mmiller) gid=10(staff) viper:/var/adm$ uname -a SunOS viper 5.8 Beta_Refresh i86pc i386 i86pc viper:/var/adm$ Summary: There are dangerous write permissions on logging files in Solaris 7 and Solaris 8. In Solaris 8, the issue with vold.log has been corrected. The spellhist file, however, still uses the same permissions as Solaris 7 did. Granted this issue wont result in a root compromise it does allow for users to fill up the /var partition without having root access. (Yes, I know /var/tmp exists and would allow for the same thing.) Solution: Have SUN distributed Solaris 8 with the permissions fixed on the spellhist file or rely on the administrators of the systems to fix the permissions themselves. Matt Miller Afro Productions Cherry Blue Team mmiller () expire net http://www.afro-productions.com by way of Steve Dispensa
Current thread:
- Solaris 7 and solaris 8 file permissions Steve Dispensa (Jan 22)
- Re: Solaris 7 and solaris 8 file permissions Jonathan [no, I don't write for /.] Katz (Jan 23)
- Re: Solaris 7 and solaris 8 file permissions Casper Dik (Jan 24)
- <Possible follow-ups>
- Re: Solaris 7 and solaris 8 file permissions Darren Moffat - Solaris Sustaining Engineering (Jan 24)