Bugtraq mailing list archives
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
From: alx () CS bgu ac il (Alexander L. Haiut)
Date: Wed, 16 Aug 1995 11:54:21 +0200
On Tue, 15 Aug 1995, Brian Perkins wrote:
I found that the program would not work if I tried to put the root shell in my home dir, which was mounted via NFS.I tried fo half an hour. If I tried moving it to /tmp, it worked within a minute, a couple of times.
Don't you think it's because your home dir mounted via NFS is mounted with "nosuid" option ? Just an idea, no more.. :) On Tue, 15 Aug 1995, Aleph One wrote:
Well while we taling about SysV ps IRIX's its sgid to sys, writes to /tmp/.ps_data and /tmp/.ps_XXXXXX but /tmp was the sticky bit on.
Well, checked IBM AIX, seems to be Ok too.. /tmp has sticky bit on, and /usr/bin/ps is sgid to "system" group only. Hope here we're safe.. Whaddya say?! --alex. -- Alexander Haiut +972-7-461658 Math & CS System group alx () cs bgu ac il Ben-Gurion University, Israel http://www.cs.bgu.ac.il/~alx/
Current thread:
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Michael Dilger (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Neil Readwin (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Cross (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Neil Readwin (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Cross (Aug 17)
- SunOS 4.1.x ptrace flaw Bonfield James (Aug 17)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Cross (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Neil Readwin (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Adam Prato (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Brian Perkins (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Sam Quigley (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Alexander L. Haiut (Aug 16)
- /proc ps for Solaris 2.X Doug Hughes (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Brian Perkins (Aug 15)
- <Possible follow-ups>
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Dan Thorson (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Aleph One (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Nathan Lawson (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Patrick Hess (Aug 16)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Aleph One (Aug 15)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Darren Reed (Aug 17)
- Re: BUGTRAQ ALERT: Solaris 2.x vulnerability Casper Dik (Aug 17)
- BUGTRAQ ALERT: Solaris 2.x Arve Kjoelen (Aug 18)