Bugtraq mailing list archives
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
From: phess () best com (Patrick Hess)
Date: Wed, 16 Aug 1995 12:03:52 -0700
Nathan Lawson once said:
> Aleph1 said:
> > Well, while we're talking about SysV ps: IRIX's is sgid to sys, writes to /tmp/.ps_data and /tmp/.ps_XXXXXX, but /tmp has the sticky bit on.
>
> The /tmp/.psXXXXXX is open to a race. The directory is safe as long as it isn't world writable.
>
> -Nate

Ya know, if /tmp isn't world writeable doesn't that defeat the purpose of having a /tmp at all? It's kinda like security by never giving out accounts. Sure, it's secure but useless.

The whole point of having a /tmp is to give people with limited disk space somewhere to put their junk for a short time. That means the _world_ has to be able to write to it. The sticky-bit on the directory makes it such that only the creator of the file can remove it when the directory is otherwise world writeable. It is the obvious and elegant solution to this problem.

Sorry for the little tirade, but I kinda got the impression that there were people on this list that didn't quite understand why this hole is serious, but easily fixed. I now return you to your regularly scheduled security leaks.

Pat
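
Added example, not part of the original post or of any vendor's ps: a C check that sorts a directory into the three cases the thread argues about (not world-writable, world-writable with the sticky bit, world-writable without it) and creates a scratch file only when the directory passes. The names `classify_dir` and `make_scratch` are hypothetical, the `.ps_XXXXXX` template only mirrors the file name quoted above, and using `mkstemp()` is this example's choice, not something the thread describes.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum tmp_state { TMP_ERROR = -1, TMP_PRIVATE, TMP_STICKY, TMP_EXPOSED };

/* TMP_PRIVATE: not world-writable.
 * TMP_STICKY:  world-writable with the sticky bit, so an entry can be removed
 *              or renamed only by its owner, the directory owner or root.
 * TMP_EXPOSED: world-writable without it; any user can replace any entry. */
enum tmp_state classify_dir(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return TMP_ERROR;
    if (!(st.st_mode & S_IWOTH))
        return TMP_PRIVATE;
    return (st.st_mode & S_ISVTX) ? TMP_STICKY : TMP_EXPOSED;
}

/* Create a scratch file in dir and return its descriptor, or -1.
 * mkstemp() picks the name itself and opens it as with O_CREAT|O_EXCL, so a
 * file or symlink planted under that name makes the open fail rather than
 * being followed. The final path is left in out. */
int make_scratch(const char *dir, char *out, size_t outlen)
{
    enum tmp_state s = classify_dir(dir);
    if (s == TMP_ERROR || s == TMP_EXPOSED)
        return -1;
    int n = snprintf(out, outlen, "%s/.ps_XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return mkstemp(out);
}

int main(void)
{
    char name[4096];
    printf("/tmp state: %d\n", classify_dir("/tmp"));
    int fd = make_scratch("/tmp", name, sizeof name);
    if (fd >= 0) {
        printf("created %s\n", name);
        close(fd);
        unlink(name);
    }
    return 0;
}
```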