Bugtraq mailing list archives

Re: Solaris 2.3 login


From: r.oxbrow () ee mu OZ AU (richard oxbrow)
Date: Fri, 12 Aug 1994 19:45:36 +1000


You wrote to me about **Re: Solaris 2.3 login**:
: Well, I had a bit of a hack around last night with 2.3 login. It seems you
: can set environment variables with login such as
: 
: ..
: This will quite happily core dump login. Now I don't see a huge problem so
: much from this unless of course someone has managed to compromise saf or
: ttymon as well. *shrug* But when it is core dumped it is running as root
: and it does leave a world writeable core in /. I'm not sure if this would
: make it insecure as I haven't had much experience in cracking systems, but
: I'm sure there are some people out there that can do a fair amount of damage
: given a world writable file owned by root. *shrug* Will there be a patch?
: 

Run strings over the core - and see how much of /etc/shadow is in the
core file. You could try leaving a core file behind and chmod to
0000 to stop other people from reading the core file (if you find bits
of /etc/shadow in the core) ... and cat /dev/null > /core to zero the
file.

    .richard                            
_______________________________________________________________________________
r.oxbrow () ieee Org              "On the Internet, nobody knows you`re a dog."
                                   P Steiner, IEEE/The New Yorker 1993
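
The check described in the reply above, as an added example that is not part of the original message: a shell script that runs strings over a core file, counts lines shaped like shadow(4) entries without printing them, and zeroes and locks down the file when any are found. The regular expression, the function names and the zero-then-chmod order (chosen so it also works when not run as root) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original message.
# Heuristic (assumption) for a shadow(4) entry: name:password:lastchg:min:max:warn:
SHADOW_RE='[A-Za-z_][A-Za-z0-9._-]*:[^:]*:[0-9]+:[0-9]*:[0-9]*:[0-9]*:'

# Emit the printable runs of a binary file, one per line.
# Uses strings(1) as the reply suggests; falls back to tr where it is missing.
printable_runs() {
    if command -v strings >/dev/null 2>&1; then
        strings -a "$1"
    else
        LC_ALL=C tr -c '\040-\176' '\n' < "$1"
    fi
}

# Print how many printable lines look like shadow entries.
# The entries themselves are never echoed, so no hashes reach the terminal or logs.
count_shadow_entries() {
    printable_runs "$1" | grep -c -E "$SHADOW_RE" || true
}

# Returns 0 if the core looks clean, 1 if it held shadow-like entries and
# was zeroed and set to mode 0000, 2 if the file does not exist.
triage_core() {
    core=$1
    [ -f "$core" ] || { echo "no core file at $core" >&2; return 2; }
    n=$(count_shadow_entries "$core")
    echo "$core: $n shadow-like entries"
    [ "$n" -gt 0 ] || return 0
    cat /dev/null > "$core"   # zero the file, as in the reply
    chmod 0000 "$core"        # leave it behind unreadable to other users
    return 1
}

# Usage: sh triage_core.sh /core
if [ "$#" -gt 0 ]; then
    triage_core "$1"
fi
```

If the count is non-zero, treat the passwords behind those entries as exposed for as long as the core was world-readable.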
