Bugtraq mailing list archives
Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm]
From: henson () intranet csupomona edu (Paul B. Henson)
Date: Fri, 6 Dec 1996 09:49:38 -0800
chkperm is suid to bin and /usr/bin/ directory is owned by root in Solaris 2.4 and above, that causes the error message and no .rhosts is created/
chkperm is also sgid to bin: -rwsr-sr-x 1 bin bin 8452 Oct 25 1995 /usr/vmsys/bin/chkperm and /usr/bin is writable by the bin group: drwxrwxr-x 2 root bin 8704 Nov 15 13:43 /usr/bin So the root ownership of /usr/bin would not deny chkperm write privs.
From what I understand, this bug works on 2.4, but not 2.5+, so something
must have changed between the two, but I don't think it was the ownership of the /usr/bin directory. -- Paul Henson | System Administrator | Cal Poly Pomona | (909) 869-3781 pbhenson () csupomona edu | finger henson () brick dce csupomona edu for PGP key
Current thread:
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Terrell Thacker (Dec 05)
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Paul B. Henson (Dec 05)
- SGI Security Advisory 19961201-01-PX - Desktop searchbook Program SGI Security Coordinator (Dec 05)
- suid_exec problem clarification Yuri Volobuev (Dec 05)
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Nikolai Matyushenko (Dec 06)
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Paul B. Henson (Dec 06)
- New INN security problems Chris Timmons (Dec 06)
- suid_exec Javier Romeu (Dec 06)
- <Possible follow-ups>
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Kevin L Prigge (Dec 05)
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Paul Ashton (Dec 06)
- Re: Solaris 2.x Vulnerability [/usr/vmsys/bin/chkperm] Casper Dik (Dec 06)