Re: Solaris 7 and solaris 8 file permissions

[casper () HOLLAND SUN COM (Casper Dik)]

> pa:/var/adm$ ls -ld spellhist
> -rw-rw-rw-   1 bin      bin            0 Dec 15 07:28 spellhist

The purpose of the spellhist file is to record all mispellings by all
users.  This file is supposed to be worldwritable.

"chmod 644 /var/adm/spellhist" will cause this:

 spell
tee: /var/adm/spellhist: Permission denied

Of course, this feature of spell is highly questionable ($HOME/.spellhist)
would appear to be more reasonable.

> pa:/var/adm$ ls -ld vold.log
> -rw-rw-rw-   1 root     root        3063 Jan 22 00:48 vold.log

The default umask of 0 causes this; in Solaris 8 the default umask is 022.

> There are dangerous write permissions on logging files in Solaris 7 and
> Solaris 8.  In Solaris 8, the issue with vold.log has been
> corrected.  The spellhist file, however, still uses the same permissions as
> Solaris 7 did.  Granted this issue wont result in a root
> compromise it does allow for users to fill up the /var partition without
> having root access.
>
> (Yes, I know /var/tmp exists and would allow for the same thing.)
>
> Solution:
>
> Have SUN distributed Solaris 8 with the permissions fixed on the spellhist
> file or rely on the administrators of the systems to fix the permissions
> themselves.

Since /var/tmp, /var/mail and other files are writable in /var, it's always
possible to overflow /var.  (Atjobs probably have no size limit either).

Casper