Correction: CPSN 9:971208: Solaris /var Permission Problems

[mpotter () BALINK COM (MATTHEW POTTER)]

     Hi,

     This affects 2.3, 2.4, and 2.5 , 2.5.1, 2.6 SPARC and x86(NOT JUST
     2.5(1) and 2.6 SPARC), any user can fill var(stopping local logging,
     causing all kinds of problems etc..) or put a rogue package in
     /var/spool/pkg then the admin unsuspectingly just does a pkgadd and
     dosent verify his or her packages, this can lead to root compromise, I
     think this bug is widley known. Run ASET(SUNWast) at the highest
     level, this is good procedure for any solaris box before it goes on a
     network as well as running fixmodes. ASET helps permissions from
     drifting to a lower privlage level(it seems in solaris if you dont run
     any type of perm changing program permissions seem to get progressivly
     worse over time). As well as patching 2.5.1 and prior, for the
     /usr/lib/newsyslog bug (the script sets modes 666 after rotating the
     logs! prior to 2.6) bug so when cron rotates logs the new logs get set
     up properly! It's weird Sun has let this go this long,mabey it's a
     compatiblity issue(?), though mine are strict and I have had no
     problems with the permissions.

     Regards,

     Matthew R. Potter


______________________________ Reply Separator _________________________________
Subject: CPSN 9:971208: Solaris /var Permission Problems
Author:  CPIO Advisory Role Account <advisory () CORINNE CPIO ORG> at Internet
Date:    1/12/98 3:56 PM


     **************** CPIO Security Notice ****************
     Issue Number 9: 971208
     Topic: Solaris /var Permission problems
     Platforms: Solaris 2.5.1, 2.6 / SPARC; possibly 2.5.
     Severity: Common Sense Caution
                **** http://www.darpanet.net ****