Bugtraq mailing list archives
Solaris ff.core and wsinfo commands.
From: jkb () mrc-lmb cam ac uk (Bonfield James)
Date: Tue, 6 Dec 94 15:55:41 WET
Hello,
I recently did a find command on Solaris 2.3:
find /usr/openwin \( -perm -02000 -o -perm -04000 \) -ls
This shows a couple programs that I'm unfamilier with - ff.core and wsinfo. I
was appalled to find that BOTH of these segmentation faulted when I ran them.
Should we consider this normal behaviour for setuid and setgid programs!? I
think not...
Neither of them have manual pages that I can find. Shouldn't we be at least
told what the setuid and setgid programs on our systems are for?
I haven't seen any _obvious_ ways that these could be dangerous for security,
but I'm naturally suspicious of any setuid/setgid program that crashes. Has
anyone got any further info on these programs?
James
Current thread:
- Re: Virus's -- This is an Emacs bomb, (continued)
- Re: Virus's -- This is an Emacs bomb Rens Troost (Dec 06)
- letter bombs: enable-local-eval saves Emacs 19 Stephen Gildea (Dec 06)
- Re: Virus's -- This is an Emacs bomb Robert Lau (Dec 06)
- Re: Virus's -- This is an Emacs bomb Charles Howes (Dec 07)
- good times nobody () c2 org (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Geir Inge Jensen (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Jim Littlefield (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Pat Myrto (Dec 06)
- Solaris ff.core and wsinfo commands. Bonfield James (Dec 06)
- Re: Solaris ff.core and wsinfo commands. John C. Orthoefer (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Jason Matthews (Dec 06)
- Re: Got this - not sure of authenticity. Better safe etc... Eric Kimminau (Dec 07)