Bugtraq mailing list archives
Re: License Manager's lockfiles (Solaris 2.5.1)
From: Don.Lewis () TSC TDK COM (Don Lewis)
Date: Fri, 23 Oct 1998 21:44:41 -0700
On Oct 23, 8:22pm, Roger Harrison ? wrote:
} Subject: Re: License Manager's lockfiles (Solaris 2.5.1)
}
} So to exploit it, just remove the locksuntechd file and replace it with a
} symlink to a file you want to create. It will not overwrite existing
} files from the testing that I did. Then the link is followed and the new
} file is created with mode 666 ownership root. You can then delete the
} symlink and create a new one to somewhere else and it will work again and
} again and again...what fun. Users could create .rhosts files, new system
} webpages, new trojan binaries with names spelled slightly off that get
} misspelled often (finger-fineger, pine-pien, ls-sl) come on.. tell me
} you never typed one of those out wrong while you were typing fast!

Unless you've found another bug, world writeable .rhosts files should be ignored. Also, if you don't own the trojan binary files, how are you going to set the execute bits so that other users can execute them?
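For reference, an added example that is not part of the original thread and is not the license manager's code: one way a privileged daemon can create its lock file so that a symlink planted at the lock-file name is refused instead of followed, and the file never ends up mode 666. The function names `create_lockfile` and `symlink_is_refused` and the scratch directory under /tmp are assumptions made for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a lock file without following a link planted at `path`.
 * Returns an open descriptor, or -1 with errno set. */
int create_lockfile(const char *path)
{
    /* O_CREAT|O_EXCL fails with EEXIST if the name is already taken,
     * even by a dangling symlink; O_NOFOLLOW is a second guard. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    struct stat st;
    /* Check the object actually opened: regular file, one link, ours. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != geteuid()) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    /* Fix the mode at 0600 regardless of the caller's umask. */
    if (fchmod(fd, 0600) != 0) { close(fd); return -1; }
    return fd;
}

/* Constructed scenario: a symlink already sits at the lock-file name.
 * Returns 1 if creation is refused and the link target stays absent. */
int symlink_is_refused(void)
{
    char dir[] = "/tmp/lockdemoXXXXXX", lock[64], target[64];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(lock, sizeof lock, "%s/lockfile", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, lock) != 0) return -1;
    int fd = create_lockfile(lock);
    int ok = (fd < 0) && (lstat(target, &st) != 0);
    if (fd >= 0) close(fd);
    unlink(target); unlink(lock); rmdir(dir);
    return ok;
}
```

Keeping the lock file in a directory that only the daemon can write removes the opportunity to swap the name in the first place; the flags above cover the case where the directory stays shared.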