Bugtraq mailing list archives
Re: Breaking in from the monitor at the console
From: jco () bbn com (John C. Orthoefer)
Date: Tue, 31 May 1994 15:58:37 -0400
As you say, this really works, does anyone have the figures for Solaris 2.3?

Looks like 0x28 is the right number for Solaris 2.3. I've not tried it. (So ucred="28", should work.)

The cred structure under Solaris 2.3 is slightly different (according to the header files.) Solaris 1.x has 5 entries: 2 gid's (Real and Effective) and 3 uids (Real, Effective, and Accounting.) Solaris 2.3 has 6 entries, 3 gids, 3 uids (for effective, real, and saved). The "saved" are the ids for the process that exec'd the process. The offset of the first uid in the 2.3 cred structure is 0x4 (instead of 0x2.) The sizeof the uid_t is 4 instead of 2 bytes. Making the loop longer from 0x4 to 0x19 or 0x4 to 0x11 (to get only the real and effective.)

So the line of forth would read:

    19 4 do 0 $procp $ucred + l@ i + l! 4 +loop

johno
-
John Orthoefer   | The options described above interact with each
<jco () bbn com> | other in strange and as yet to be defined ways.
617-873-6188     | -- BUGS section of the pr man page