Bugtraq mailing list archives

Re: Correction: CPSN 9:971208: Solaris /var Permission Problems

From: rmikesel () RMIKESEL OGDEN DISA MIL (Randy Mikesell)
Date: Tue, 13 Jan 1998 12:43:06 -0700


Be careful on what you suggest.  The last I heard, even Sun does not
recommend that you run ASET in high.  I know of more than one box that
was trashed because the SA set ASET to high.  It is a long and painfull
process to restore the system after ASET is finished with it.  It may be
better to keep up on the patches and run scripts or other tools to keep
track of the permissions.

Randy Mikesell
DMCO Mid-Tier ISSO
rmikesel () rmikesel ogden disa mil
801-777-3282 ext. 3203   DSN 777

On 13-Jan-98 MATTHEW POTTER wrote:

    Hi,

    This affects 2.3, 2.4, and 2.5 , 2.5.1, 2.6 SPARC and x86(NOT JUST
    2.5(1) and 2.6 SPARC), any user can fill var(stopping local logging,
    causing all kinds of problems etc..) or put a rogue package in
    /var/spool/pkg then the admin unsuspectingly just does a pkgadd and
    dosent verify his or her packages, this can lead to root compromise, I
    think this bug is widley known. Run ASET(SUNWast) at the highest
    level, this is good procedure for any solaris box before it goes on a
    network as well as running fixmodes. ASET helps permissions from
    drifting to a lower privlage level(it seems in solaris if you dont run
    any type of perm changing program permissions seem to get progressivly
    worse over time). As well as patching 2.5.1 and prior, for the
    /usr/lib/newsyslog bug (the script sets modes 666 after rotating the
    logs! prior to 2.6) bug so when cron rotates logs the new logs get set
    up properly! It's weird Sun has let this go this long,mabey it's a
    compatiblity issue(?), though mine are strict and I have had no
    problems with the permissions.

    Regards,

    Matthew R. Potter


______________________________ Reply Separator
_________________________________
Subject: CPSN 9:971208: Solaris /var Permission Problems
Author:  CPIO Advisory Role Account <advisory () CORINNE CPIO ORG> at Internet
Date:    1/12/98 3:56 PM


    **************** CPIO Security Notice ****************
    Issue Number 9: 971208
    Topic: Solaris /var Permission problems
    Platforms: Solaris 2.5.1, 2.6 / SPARC; possibly 2.5.
    Severity: Common Sense Caution
               **** http://www.darpanet.net ****

Current thread:

Re: Announcement: Phrack 52, (continued)
- - - Re: Announcement: Phrack 52 Olaf Kirch (Jan 28)
    - KSR[T] Advisory #7: filter KSR[T] (Jan 29)
    - Bug in IMail's pop3d32.exe RHS Linux User (Jan 29)
    - Secure Linux patch Solar Designer (Jan 29)
    - Gaining Domain Admins access on LAN (fwd) Weld Pond (Jan 28)
    - GZEXE - the big problem Micha? Zalewski (Jan 28)
  - Re: Xserver stack smashed Rahul Sahadevan (Jan 26)
  - Vulnerability in htmlscript Dennis Moore (Jan 26)
  - ANNOUNCE: Secure Syslog Lucio Torre (Jan 26)
  - Security flaw in htmlscript Joseph Jay Austin (Jan 27)
- Re: Correction: CPSN 9:971208: Solaris /var Permission Problems Randy Mikesell (Jan 13)
  - Re: Correction: CPSN 9:971208: Solaris /var Permission Problems Tom Perrine (Jan 13)