Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

[alx () CS bgu ac il (Alexander L. Haiut)]

On Tue, 15 Aug 1995, Brian Perkins wrote:

> I found that the program would not work if I tried to put the root shell in
> my home dir, which was mounted via NFS.I tried fo half an hour.
> If I tried moving it to /tmp, it worked within a minute, a couple of times.

        Don't you think it's because your home dir mounted via NFS is
        mounted with "nosuid" option ? Just an idea, no more.. :)

On Tue, 15 Aug 1995, Aleph One wrote:

> Well while we taling about SysV ps IRIX's its sgid to sys, writes
> to /tmp/.ps_data and /tmp/.ps_XXXXXX but /tmp was the sticky bit on.

        Well, checked IBM AIX, seems to be Ok too.. /tmp has sticky
        bit on, and /usr/bin/ps is sgid to "system" group only.

                Hope here we're safe.. Whaddya say?!    --alex.

--

Alexander Haiut                                                +972-7-461658
Math & CS System group                                      alx () cs bgu ac il
Ben-Gurion University, Israel                  http://www.cs.bgu.ac.il/~alx/