Bugtraq mailing list archives
Re: Solaris 7 and solaris 8 file permissions
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Mon, 24 Jan 2000 10:06:57 +0100
pa:/var/adm$ ls -ld spellhist
-rw-rw-rw- 1 bin bin 0 Dec 15 07:28 spellhist

The purpose of the spellhist file is to record all misspellings by all users. This file is supposed to be world-writable.

"chmod 644 /var/adm/spellhist" will cause this:

spell
tee: /var/adm/spellhist: Permission denied

Of course, this feature of spell is highly questionable; $HOME/.spellhist would appear to be more reasonable.

pa:/var/adm$ ls -ld vold.log
-rw-rw-rw- 1 root root 3063 Jan 22 00:48 vold.log
The default umask of 0 causes this; in Solaris 8 the default umask is 022.
There are dangerous write permissions on logging files in Solaris 7 and Solaris 8. In Solaris 8, the issue with vold.log has been corrected. The spellhist file, however, still uses the same permissions as Solaris 7 did. Granted, this issue won't result in a root compromise, but it does allow users to fill up the /var partition without having root access. (Yes, I know /var/tmp exists and would allow for the same thing.)

Solution: Have SUN distribute Solaris 8 with the permissions fixed on the spellhist file, or rely on the administrators of the systems to fix the permissions themselves.
Since /var/tmp, /var/mail and other files are writable in /var, it's always possible to overflow /var. (Atjobs probably have no size limit either).

Casper
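
Added example (not part of the original post): a POSIX shell sketch showing how the creating process's umask yields the vold.log-style mode, plus an audit that lists world-writable files while skipping ones that are world-writable by design, such as spellhist. The function names and the allowlist argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; all file names below are constructed in a scratch dir.

# Create a file the way a logging daemon does (open with mode 0666, then
# filtered by the process umask) and print the resulting permission string.
mode_under_umask() {
    ( umask "$1"
      d=$(mktemp -d) || exit 1
      : > "$d/demo.log"                  # shell redirection requests 0666
      ls -l "$d/demo.log" | cut -c1-10   # keep only the mode column
      rm -rf "$d" )
}

# Print world-writable regular files under a directory, skipping basenames on
# a space-separated allowlist of files that are world-writable on purpose.
audit_world_writable() {
    dir=$1; allow=$2
    find "$dir" -type f -perm -0002 -print | while IFS= read -r f; do
        case " $allow " in
            *" $(basename "$f") "*) ;;   # intended, e.g. spellhist
            *) printf '%s\n' "$f" ;;     # unexpected: report it
        esac
    done
}

# Demo: umask 0 reproduces -rw-rw-rw-, umask 022 gives -rw-r--r--.
echo "umask 0   -> $(mode_under_umask 0)"
echo "umask 022 -> $(mode_under_umask 022)"
```

On a real system the audit would be pointed at /var/adm with "spellhist" on the allowlist; anything else it prints was most likely created under a umask of 0.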