Bugtraq mailing list archives

Re: Solaris 7 and solaris 8 file permissions


From: darren.moffat () SUNUK UK SUN COM (Darren Moffat - Solaris Sustaining Engineering)
Date: Mon, 24 Jan 2000 11:39:43 +0000


corrected.  The spellhist file, however, still uses the same permissions as
Solaris 7 did.  Granted this issue won't result in a root
compromise it does allow for users to fill up the /var partition without
having root access.

The 666 permissions are required for spell to work as designed and
removing the world write permissions to the file will break spell:

$ spell
tee: /var/adm/spellhist: Permission denied

See the files/notes section of spell(1).

FILES
...
    H_SPELL=/var/adm/spellhist
           history file

NOTES
     Misspelled words can be monitored by default by setting  the
     H_SPELL  variable  in  /usr/bin/spell  to the name of a file
     that has permission mode 666.

Now, given that /usr/bin/spell is a ksh script, if you don't want this
feature then change the following line to have /dev/null instead of
/var/adm/spellhist.  Users can then set H_SPELL themselves if they
want their own spellhist file.

H_SPELL=${H_SPELL:-/var/adm/spellhist}

(Yes, I know /var/tmp exists and would allow for the same thing.)

That and a whole list of others including

/var/mail
/var/preserve
/var/spool/uucppublic

Running atjobs.

--
Darren J Moffat
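
An added example, not part of the original message or of Solaris: a small sh audit that reads the H_SPELL default out of a spell wrapper script and reports whether the file it names is a world-writable regular file. The function names and the temporary sample script are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# Print the default path from a line of the form
#   H_SPELL=${H_SPELL:-/var/adm/spellhist}
spell_history_default() {
    sed -n 's/^[[:space:]]*H_SPELL=\${H_SPELL:-\([^}]*\)}.*$/\1/p' "$1" | head -n 1
}

# Classify the history file: missing, not-regular (e.g. /dev/null),
# world-writable (other-write bit set, as with mode 666) or restricted.
classify_history_file() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return 0; fi
    if [ ! -f "$f" ]; then echo not-regular; return 0; fi
    if [ -n "$(find -L "$f" -prune -perm -0002 -print)" ]; then
        echo world-writable
    else
        echo restricted
    fi
}

# Print "<default path> <classification>" for one spell script.
audit_spell() {
    default=$(spell_history_default "$1")
    if [ -z "$default" ]; then echo no-default; return 1; fi
    echo "$default $(classify_history_file "$default")"
}

# Demo on constructed files, so nothing under /usr/bin or /var is touched.
demo() {
    d=$(mktemp -d)
    printf 'H_SPELL=${H_SPELL:-%s}\n' "$d/spellhist" > "$d/spell"
    : > "$d/spellhist"
    chmod 666 "$d/spellhist"
    audit_spell "$d/spell"              # default as shipped: world-writable
    printf 'H_SPELL=${H_SPELL:-/dev/null}\n' > "$d/spell"
    audit_spell "$d/spell"              # after the edit described above
    rm -rf "$d"
}
demo
```

On a real system the argument to audit_spell would be /usr/bin/spell.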


