Bugtraq mailing list archives
Re: Solaris 2.3 login
From: matt () uts EDU AU (Jas)
Date: Fri, 12 Aug 1994 13:47:00 +1000 (EST)
well i had a bit of a hack around last night with 2.3 login. it seems you can set environment variables with login such as

    % exec login user IFS=/

now of course IFS, PATH, SHELL can't be set but others can!

now of course since login tries to read past the user name you can get login to core dump quite easily by over feeding it like this

    % exec login user "`cat big.binary.file`"

this will quite happily core dump login. now i don't see a huge problem so much from this unless of course someone has managed to compromise saf or ttymon as well. *shrug* but when it is core dumped it is running as root and it does leave a world writeable core in /.

i'm not sure if this would make it insecure as i haven't had much experience in cracking systems, but i'm sure there are some people out there that can do a fair amount of damage given a world writable file owned by root. *shrug*

will there be a patch?

Matt

--
Matthew Keenan
Systems Programmer
Information Technology Division
University of Technology Sydney

www: http://milliways.itd.uts.edu.au/~matt/
email: matt () uts edu au
phone: +61 2 330 1390
fax: +61 2 330 1999
home: +61 2 416 5722

"Don't murder a man who is about to commit suicide." -- Machiaveli

GCV 2.1 GAT/M/CS d--(-+) H-- s++:-- g+ p? !au a-(?) w+++ v+ C+++$ UVS++++$ P+>+++ L- 3+++ E-(++) N++ K W--- M+ V-- -po+(+) Y+ t+ !5>++ jx R+ G? !tv b+++ D++ B e+ u--(**) h- f+(*) r n- !y
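An added example, not part of the original post and not Sun's login source: a defensive sketch of how a login-style program can vet NAME=VALUE arguments that follow the user name, refusing the three names the post mentions and bounding both the length of each argument and the number kept. The helper names, the 256-byte limit and the identifier-only rule for names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define MAX_ENV_LEN 256 /* assumed cap on one NAME=VALUE argument */

/* The three names the post reports login already refusing. */
static const char *const denied[] = { "IFS", "PATH", "SHELL" };

enum env_verdict { ENV_OK, ENV_MALFORMED, ENV_DENIED, ENV_TOO_LONG };

/* Classify one candidate NAME=VALUE argument (hypothetical helper). */
enum env_verdict check_env_arg(const char *arg)
{
    size_t len = 0, nlen, i;
    const char *eq;

    while (arg[len] != '\0')            /* bounded length scan */
        if (++len > MAX_ENV_LEN)
            return ENV_TOO_LONG;

    eq = strchr(arg, '=');
    if (eq == NULL || eq == arg)
        return ENV_MALFORMED;           /* no '=' or empty name */
    nlen = (size_t)(eq - arg);

    /* Name must be an identifier: [A-Za-z_][A-Za-z0-9_]* */
    if (isdigit((unsigned char)arg[0]))
        return ENV_MALFORMED;
    for (i = 0; i < nlen; i++)
        if (!isalnum((unsigned char)arg[i]) && arg[i] != '_')
            return ENV_MALFORMED;

    for (i = 0; i < sizeof denied / sizeof denied[0]; i++)
        if (strlen(denied[i]) == nlen && memcmp(arg, denied[i], nlen) == 0)
            return ENV_DENIED;
    return ENV_OK;
}

/* Keep acceptable arguments in out[]; never writes more than out_cap
 * entries, however many arguments the caller was handed. */
size_t collect_env_args(size_t argc, const char *const argv[],
                        const char *out[], size_t out_cap)
{
    size_t kept = 0, i;

    for (i = 0; i < argc && kept < out_cap; i++)
        if (check_env_arg(argv[i]) == ENV_OK)
            out[kept++] = argv[i];
    return kept;
}
```

The name comparison is exact, so a variable such as IFSX is not caught by the IFS entry; a denylist of this kind only covers the names it lists.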