Bugtraq mailing list archives

Re: Possible SunOS 5.5.1 sulogin vulnerability

From: mikedoug () texas net (Michael Douglass)
Date: Fri, 15 Nov 1996 18:26:23 -0600


On Wed, 13 Nov 1996, Jason R. Mastaler wrote:

Possible hole in sulogin here?  Under Solaris 2.5.1 (sparc & x86),
executing /sbin/sulogin from an unprivileged user account dumps you
into what appears to be single-user mode with an ugly warning message
without prompting for the root password.  You don't find this with
earlier versions of Solaris (2.5 and lower).


sulogin is *not* suid root... It is run as root when the system comes up
in single user mode.  The reason you get the ERROR NO root PASSWD is
because it cannot read /etc/shadow as the unprived user.  If you were
to do id -a you would see that you are still the same unpriveledged user.

No security hole here.

Michael Douglass
Texas Networking, Inc.

 "Love does not consist in gazing at each other but in looking together in
  the same direction."
      Antoine de Saint-Exupery: Wind, Sand, and Stars, ch. 8 (1939).

Current thread:

Possible SunOS 5.5.1 sulogin vulnerability Jason R. Mastaler (Nov 13)
- Re: Possible SunOS 5.5.1 sulogin vulnerability Steve Blass (Nov 15)
- Re: Possible SunOS 5.5.1 sulogin vulnerability Doug Hughes (Nov 15)
- Re: Possible SunOS 5.5.1 sulogin vulnerability Casper Dik (Nov 15)
- Re: Possible SunOS 5.5.1 sulogin vulnerability Michael Douglass (Nov 15)
- El Programa Matador de Ascendes Scriptors of DOOM (Nov 16)
- El Programa Matador de Ascendes Aleph One (Nov 16)
  - This week: turn me on, dead man Aleph One (Nov 16)
  - Re: El Programa Matador de Little Boys I like so much Aleph One (Nov 16)
  - Apologies to Kit Knox and all Aleph One (Nov 16)
- <Possible follow-ups>
- Re: Possible SunOS 5.5.1 sulogin vulnerability Mark Graff (Nov 15)