Bugtraq mailing list archives

Re: setuid scripts in SunOS 4.1.x

From: sgcccdc () citec qld gov au (Colin Campbell)
Date: Fri, 23 Sep 94 8:52:20 EST


In message <9409212345.AA24268 () gsms01 alcatel oz au> you write:

I have just noticed that SunOS 4.1.x has not fixed the setuid script
problem.  I can't see a solution on SunSolve and Sun Support are not
helpful.  Can anyone advise me of the procedure to fix this bug?


The best solution is to make sure you don't have suid shell scripts
Cops does a fine job in finding them for you so does:

find /   \( -type d -fstype nfs -prune \) -o -type f \( -perm -4001 -o -perm
 -4010 -o -perm -4100 -o -perm -2100 -o -perm -2010 -o -perm -2001 \)

If I remeber correctly SunOS 4.1.x is just one of those UNIX systems that
allows suid shell scripts. I don't think this will be 'fixed'.
But you can always try to mail security-alert () Sun COM.

Of course you can always mount your filesystems `nosuid'.

Colin

Current thread:

Re: setuid scripts in SunOS 4.1.x Richard Huddleston (Sep 21)
- <Possible follow-ups>
- Re: setuid scripts in SunOS 4.1.x Peter Jeremy (Sep 22)
- Re: setuid scripts in SunOS 4.1.x Colin Campbell (Sep 23)
  - Re: setuid scripts in SunOS 4.1.x John Hawkinson (Sep 22)
    - Re: setuid scripts in SunOS 4.1.x Karl Strickland (Sep 24)
    - Re: setuid scripts in SunOS 4.1.x Fred Blonder (Sep 26)
    - Re: setuid scripts in SunOS 4.1.x John Hawkinson (Sep 26)
    - Re: setuid scripts in SunOS 4.1.x Harold van Aalderen (Sep 27)
    - Re: setuid scripts in SunOS 4.1.x Rafi Sadowsky (Sep 27)
    - Re: setuid scripts in SunOS 4.1.x Paul O'Donnell (Sep 27)
    - Re: setuid scripts in SunOS 4.1.x Fred Blonder (Sep 27)
    - Re: setuid scripts in SunOS 4.1.x John Hawkinson (Sep 27)
    - Re: setuid scripts in SunOS 4.1.x Valdis.Kletnieks () vt edu (Apr 17)

(Thread continues...)