Bugtraq mailing list archives
BUGTRAQ ALERT: Solaris 2.x
From: akjoele () shiva ee siue edu (Arve Kjoelen)
Date: Fri, 18 Aug 1995 10:00:24 -0500
I was able to reproduce the problem on a SPARC 5/85 running Solaris 2.5 BETA within approximately 2.5 minutes when using /usr/bin/ps. I was not very successful in doing so with /usr/ucb/ps. But then again, maybe I haven't let the job run long enough.
Dave
This is also the case on Solaris 2.3 and 2.4. /usr/bin/ps is easily compromised, while /usr/ucb/ps is not. I ran the job all night on a machine running Solaris 2.3, using /usr/ucb/ps, without success. However, doing a truss on both /usr/bin/ps and /usr/ucb/ps reveals what looks to me like identical procedures for dealing with the /tmp/ps* files:

Partial output from truss /usr/bin/ps (after /tmp/ps_data removed):

getpid() = 26224 [26223]
access("/tmp/ps.a006Pk", 0) Err#2 ENOENT
open("/tmp/ps.a006Pk", O_WRONLY|O_CREAT|O_EXCL, 0664) = 3
chown("/tmp/ps.a006Pk", 0, 3) = 0
write(3, "\0\001 s", 4) = 4
write(3, " p t s / 0\0\0\0\0\0\0\0".., 7420) = 7420
close(3) = 0
rename("/tmp/ps.a006Pk", "/tmp/ps_data") = 0

Partial output from truss /usr/ucb/ps (after /tmp/ups_data removed):

getpid() = 26089 [26088]
access("/tmp/ps.a006Nd", 0) Err#2 ENOENT
open("/tmp/ps.a006Nd", O_WRONLY|O_CREAT|O_EXCL, 0664) = 4
chown("/tmp/ps.a006Nd", 0, 3) = 0
write(4, "\0\001 s", 4) = 4
write(4, " p t s / 0\0\0\0\0\0\0\0".., 7420) = 7420
write(4, "\0\0 $FC", 4) = 4
write(4, " P R _ S I Z E\0\0\0\0\0".., 189360) = 189360
write(4, "\0\0\004F006D998F0\t l10".., 40) = 40
close(4) = 0
rename("/tmp/ps.a006Nd", "/tmp/ups_data") = 0

My question is: Why doesn't the psrace program work on /usr/ucb/ps?

Arve Kjoelen, System Administrator,
Electrical Engineering Dept.,
Southern Illinois University at Edwardsville,
618-692-2524
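Added example, not part of the original post: a small Python audit of truss-style output that flags a pathname-based chown()/chmod() on a /tmp file after the process has already opened it, which is the sequence both traces above share. The function name, the directory list and the final constructed fchown() trace are assumptions of this example.

```python
import re

# Assumption for this example: directories treated as world-writable.
WORLD_WRITABLE = ("/tmp/", "/var/tmp/")
# Calls that change metadata by pathname instead of by open descriptor.
PATH_CALLS = {"chown", "lchown", "chmod"}
CALL_RE = re.compile(r'^(\w+)\("([^"]*)"')

def audit_trace(lines):
    """Flag path-based metadata calls on a world-writable-dir file that the
    same process opened earlier: the path may no longer name that file."""
    opened, findings = set(), []
    for line in lines:
        m = CALL_RE.match(line.strip())
        if not m or not m.group(2).startswith(WORLD_WRITABLE):
            continue
        call, path = m.groups()
        if call in ("open", "creat"):
            opened.add(path)
        elif call in PATH_CALLS and path in opened:
            findings.append((call, path))
        elif call in ("rename", "unlink"):
            opened.discard(path)
    return findings

# Lines copied from the two truss traces in the post.
BIN_PS = r'''
access("/tmp/ps.a006Pk", 0) Err#2 ENOENT
open("/tmp/ps.a006Pk", O_WRONLY|O_CREAT|O_EXCL, 0664) = 3
chown("/tmp/ps.a006Pk", 0, 3) = 0
write(3, "\0\001 s", 4) = 4
close(3) = 0
rename("/tmp/ps.a006Pk", "/tmp/ps_data") = 0
'''.splitlines()
UCB_PS = r'''
open("/tmp/ps.a006Nd", O_WRONLY|O_CREAT|O_EXCL, 0664) = 4
chown("/tmp/ps.a006Nd", 0, 3) = 0
rename("/tmp/ps.a006Nd", "/tmp/ups_data") = 0
'''.splitlines()
# Constructed trace (not from the post): descriptor-based ownership change.
FD_BASED = ['open("/tmp/x.tmp", O_WRONLY|O_CREAT|O_EXCL, 0600) = 3',
            'fchown(3, 0, 3) = 0']

if __name__ == "__main__":
    for name, t in (("bin", BIN_PS), ("ucb", UCB_PS), ("fd", FD_BASED)):
        print(name, audit_trace(t))
```

Both traces from the post produce one finding each, while the constructed descriptor-based trace produces none.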