ff.core on Solaris 2.4

[jkb () mrc-lmb cam ac uk (Bonfield James)]

Hello,

A while ago I mailed about ff.core and wsinfo security problems on Solaris
2.3. At the time many people replied saying either get patch 101889 or upgrade
to Solaris 2.4. ["ff.core contains 2 security bugs -- both are patched in
Solaris 2.4"]

I've just installed Solaris 2.4, installed the patch cluster supplied, and
also installed a couple other patches. I can still crash both ff.core and
wsinfo with ease. Wsinfo dumps core too - as group sys.

I looked at couldn't find patch 101889 integrated into Solaris 2.4. Infact
that last listed was 101888. I haven't investigated any futher (ie attempted
exploits), but I'd guess that the upgrade from 2.3 to 2.4 had now recreated
the bug :-( Surely it can't be that hard to fix it for Solaris 2.4 too!
Wsinfo doesn't appear to be mentioned in any patches. I guess it's not been
fixed. I've no idea whether there's a hole in it or not - just that I have a
deep distrust of setuid/setgid programs that core dump.

Finally, my newly upgraded system appears to have /usr and /usr/sys (probably
others too) in group sys and group writable. I chmoded this, but then a
subsequent installpatch set them back again. Is there a database online
somewhere that I can correct this information in to prevent installpatch doing
this?

        James