Bugtraq mailing list archives

Re: Beer & talk at Usenix Security Symposium


From: alx () CS bgu ac il (Alexander L. Haiut)
Date: Sat, 3 Jun 1995 03:10:43 +0200 (GMT+0200)


Obbug: I have noticed this on SunOS 4.1.3 running X11R5 and
motif 1.2.3. Anyone can get limited (possibly more) access to the
system if:
 -There is a ".xsession" file that is world readable in the root "/" 
   directory (i.e. 644 as usual)
 -The sync account is left with the default passwd entry of
   "sync::5:1:/:/bin/csh"  (i.e. which is the Sun install default)

        If my memory serves me well, the SunOS 4.1.x default passwd 
        entry for sync is: "sync::1:1::/:/bin/sync". Am I wrong ?

        Sure, this should be fixed because of the things you show and the
        LD_LIBRARY_PATH bug. The .xsession exploit is fine, but I've never
        seen an .xsession file in the root directory.. :) 

                        Thanks!                 --alex.


--

Alexander L. Haiut                                             +971-7-461658
Math & CS System group                                      alx () cs bgu ac il
Ben-Gurion University, Israel                  http://www.cs.bgu.ac.il/~alx/

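As an added example, not code from either poster in this thread: a small POSIX sh audit for the two preconditions being discussed, a passwd entry with an empty password field that still gets an interactive shell, and a world-readable file such as a /.xsession. The passwd lines it runs over are constructed sample data, and the mode check is demonstrated on a throwaway temp file rather than /.xsession. The assumptions are that the shell is the last passwd field (so the six-field "sync::5:1:/:/bin/csh" entry quoted above is treated like a normal seven-field line) and that /bin/sync, /bin/false and *nologin count as non-interactive.

```shell
#!/bin/sh
# Added example, not from the original Bugtraq post. Audits an /etc/passwd
# for accounts with an empty password field and an interactive shell, and
# checks whether a file is readable by "other". Sample data is constructed.

# Print "user shell" for each entry whose password field is empty and whose
# shell is interactive. /bin/sync, /bin/false and *nologin are treated as
# non-interactive; an empty shell field defaults to /bin/sh, as login(1) does.
# Assumption: the shell is the last field, so the six-field entry quoted in
# the thread ("sync::5:1:/:/bin/csh") is handled like a seven-field one.
find_passwordless_shell_accounts() {
    awk -F: '
        /^#/ || NF < 6 { next }          # skip comments and malformed lines
        $2 == "" {
            shell = $NF
            if (shell == "") shell = "/bin/sh"
            if (shell ~ "/(sync|false|nologin)$") next
            print $1, shell
        }
    ' "$1"
}

# Return 0 if the file mode grants read to "other" (8th character of the
# ls -l mode string), 1 otherwise. ls is used because stat(1) is not portable.
is_world_readable() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case $mode in
        ???????r??) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample passwd: the SunOS 4.1.x-style sync entry, the csh
# variant from the thread, and a few unremarkable accounts.
sample_passwd=$(mktemp)
cat > "$sample_passwd" <<'EOF'
root:x:0:1:Operator:/:/bin/csh
sync::1:1::/:/bin/sync
badsync::5:1:/:/bin/csh
daemon:*:1:1::/:
nobody::65534:65534::/:/bin/false
EOF

echo "Passwordless accounts with an interactive shell:"
find_passwordless_shell_accounts "$sample_passwd"

# Demonstrate the mode check on a throwaway file instead of /.xsession.
sample_xsession=$(mktemp)
chmod 644 "$sample_xsession"
if is_world_readable "$sample_xsession"; then
    echo "$sample_xsession is world readable (644): anyone can read it"
fi
chmod 600 "$sample_xsession"
if ! is_world_readable "$sample_xsession"; then
    echo "$sample_xsession is no longer world readable (600)"
fi
rm -f "$sample_passwd" "$sample_xsession"
```

Run it as an unprivileged user; on a real host point find_passwordless_shell_accounts at /etc/passwd and is_world_readable at /.xsession, and treat any output from the first function as an account that needs a password or a non-interactive shell.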

