Bugtraq mailing list archives
Re: solaris 2.4 license-manager bug
From: Heiko.Herold () dei unipd it (Herold Heiko)
Date: Thu, 17 Oct 1996 10:34:09 +0200
Another bug for solaris 2.4

The license manager must be running, expect both lmgrd.ste & suntechd to be somewhere in your process table.
...
Some observations ... Lock files are created by the lmgrd process for each license daemon process it manages when it starts. These lock files are generally owned by root, the id under which they were started. If the sticky bit is set on the /var/tmp directory, no normal user will be able to remove the lock file, thus breaking step 1 of the exploit. Perhaps there is a window of opportunity if you can create the symbolic
and there is another possibility if root installs some program in order to automatically clean old files from /tmp, /var/tmp and does not pay attention to root files and such.

--
--- hman () dei unipd it --- Heiko Herold ---
Ankh-Morpork had dallied with many forms of government and had ended up with that form of democracy known as One Man, One Vote. The Patrician was the Man; he had the Vote.
-- Discworld politics explained (Terry Pratchett, Mort)
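The two conditions discussed in this message (a sticky bit on the shared temp directory, and lock files that stay root-owned regular files) can be audited as below. This is an added example, not part of the original post; the function name and the `lock` filename filter are assumptions, since the thread does not name the lock files.

```python
import os
import stat
import tempfile


def audit_lock_dir(path, trusted_uid=0, pattern="lock"):
    """Return (kind, path) findings for a shared temp directory.

    kind is one of:
      dir-no-sticky    - world-writable directory without the sticky bit,
                         so any user may unlink another user's files
      symlink          - a lock entry is a symbolic link
      unexpected-owner - a lock entry is not owned by trusted_uid
    `pattern` is a hypothetical substring filter for lock file names.
    """
    findings = []
    st = os.lstat(path)
    if st.st_mode & stat.S_IWOTH and not st.st_mode & stat.S_ISVTX:
        findings.append(("dir-no-sticky", path))
    for name in sorted(os.listdir(path)):
        if pattern not in name:
            continue
        full = os.path.join(path, name)
        entry = os.lstat(full)  # lstat: inspect the link itself, not its target
        if stat.S_ISLNK(entry.st_mode):
            findings.append(("symlink", full))
        elif entry.st_uid != trusted_uid:
            findings.append(("unexpected-owner", full))
    return findings


def demo():
    """Build a constructed sample directory and audit it."""
    d = tempfile.mkdtemp()
    os.chmod(d, 0o777)  # constructed: world-writable, sticky bit missing
    open(os.path.join(d, "lockfile.demo"), "w").close()
    os.symlink("/nonexistent-target", os.path.join(d, "lock.link"))
    # The demo files belong to the current user, so treat that uid as trusted.
    return audit_lock_dir(d, trusted_uid=os.getuid())


if __name__ == "__main__":
    for kind, item in demo():
        print(kind, item)
```

On a real host, call `audit_lock_dir("/var/tmp")` with the default `trusted_uid=0`; a tmp-cleaning job of the kind mentioned above should likewise skip root-owned entries.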