Bugtraq mailing list archives
Re: setuid lp script
From: casper () holland Sun COM (Casper Dik)
Date: Thu, 15 Aug 1996 17:46:45 +0200
What is the purpose of /etc/lp/alters/printers on a Solaris machine? It is a setuid lp script. I have run Casper's fix-modes script, but this file's permissions were not changed.
The fix-modes script only fixed about 4000+ group writable files/directories. It doesn't fix set-uid/set-gid programs that shouldn't be. (Such as sulogin, login, /sbin/su)

I have no idea what /etc/lp/alerts/printers does. However, I never bothered to get it fixed because it's harmless. A set-uid shell script that doesn't start with "#!/bin/sh -p" will cause /bin/sh to reset the euid back to the ruid immediately.

As truss shows:

4423: execve("/etc/lp/alerts/printer", 0xEFFFF7F4, 0xEFFFF7FC) argc = 2
4423: *** SUID: ruid/euid/suid = 1001 / 71 / 71 ***
4423: getuid() = 1001 [71]
4423: getuid() = 1001 [71]
4423: setuid(1001) = 0

(note that getuid() and geteuid() are one and the same system call, it returns both values in different registers)

Casper
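
An added example, not part of the original post: a POSIX shell audit that finds set-uid/set-gid files under a directory and classifies the scripts among them by the rule stated in the reply above (a /bin/sh script keeps its euid only when the "#!" line passes -p). The function names and verdict labels are assumptions made for this example, and only interpreters named sh are judged, since that is the only shell the post describes.

```shell
#!/bin/sh
# Added example: audit set-uid/set-gid shell scripts by their "#!" line.
# Function names and verdict labels are made up for this example.

# classify_shebang FILE -> prints one verdict:
#   not-script    first line does not start with "#!"
#   other-interp  interpreter is not named "sh" (the post's rule does not cover it)
#   keeps-euid    "#!/bin/sh -p": the shell is asked to keep the effective uid
#   drops-euid    sh without -p: per the post, euid is reset to the ruid
classify_shebang() {
    # First line only; strip NULs so binary files do not upset the shell.
    first=$(head -n 1 "$1" 2>/dev/null | LC_ALL=C tr -d '\000' | LC_ALL=C cut -c1-256)
    case $first in
        '#!'*) ;;
        *) echo "not-script"; return 0 ;;
    esac
    rest=${first#??}            # drop the leading "#!"
    # Split "interpreter first-argument ..." on blanks.
    read -r interp flag _ <<EOF
$rest
EOF
    case ${interp##*/} in
        sh) ;;
        *) echo "other-interp"; return 0 ;;
    esac
    case $flag in
        -p*|-[a-zA-Z]*p*) echo "keeps-euid" ;;
        *)                echo "drops-euid" ;;
    esac
}

# audit_setid_scripts DIR -> one "verdict<TAB>path" line per set-id script.
audit_setid_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        verdict=$(classify_shebang "$f")
        [ "$verdict" = "not-script" ] || printf '%s\t%s\n' "$verdict" "$f"
    done
}

# Run as a script: sh audit.sh /etc/lp
if [ "$#" -ge 1 ]; then
    audit_setid_scripts "$1"
fi
```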