Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

[bperkins () NETSPACE ORG (Brian Perkins)]

I found that the program would not work if I tried to put the root shell in
my home dir, which was mounted via NFS.  I tried fo half an hour.
If I tried moving it to /tmp, it worked within a minute, a couple of times.

Is there a /proc based ps? It seems to me that this would be a better fix.

> I haven't been able to get this to work. It seems that /usr/bin/ps does not
> create any files in /tmp. I had two windows open, one doing a while true ; do
> ls /tmp ; sleep 1 ; done. And the other trying this exploit. A ps.* file is
> never created (rather no files are created in /tmp). I accidentally left the
> exploit running all night and it still didn't work. /usr/ucb/ps however does
> create a ps_data file, but it doesnt seem to be changed by psrace.

--

Brian Perkins                               bperkins () netspace org