Bugtraq mailing list archives
Re: Solaris 7 and solaris 8 file permissions
From: darren.moffat () SUNUK UK SUN COM (Darren Moffat - Solaris Sustaining Engineering)
Date: Mon, 24 Jan 2000 11:39:43 +0000
> corrected. The spellhist file, however, still uses the same permissions as Solaris 7 did. Granted this issue won't result in a root compromise it does allow for users to fill up the /var partition without having root access.

The 666 permissions are required for spell to work as designed and removing the world write permissions to the file will break spell:

    $ spell
    tee: /var/adm/spellhist: Permission denied

See the files/notes section of spell(1).

    FILES
    ...
         H_SPELL=/var/adm/spellhist    history file

    NOTES
         Misspelled words can be monitored by default by setting the
         H_SPELL variable in /usr/bin/spell to the name of a file that
         has permission mode 666.

Now given that /usr/bin/spell is a ksh script, if you don't want this feature then change the following line to have /dev/null instead of /var/adm/spellhist. Users can then set H_SPELL themselves if they want their own spellhist file.

    H_SPELL=${H_SPELL:-/var/adm/spellhist}

> (Yes, I know /var/tmp exists and would allow for the same thing.)

That and a whole list of others including

    /var/mail
    /var/preserve
    /var/spool/uucppublic
    Running atjobs.

--
Darren J Moffat
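An audit sketch for the locations discussed in the message above, added here as an example and not part of the original post or of Solaris: it lists world-writable files and directories under a given root and models the H_SPELL default expansion quoted from /usr/bin/spell. The function names and the sample tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample tree is constructed.

# World-writable regular files under $1 (the mode-666 spellhist case).
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null | sort
}

# World-writable directories under $1, tagged by sticky bit. Sticky stops
# users removing each other's files; it does not limit how much they write.
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -perm -1000 \
        -exec printf 'sticky %s\n' {} \; 2>/dev/null
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'no-sticky %s\n' {} \; 2>/dev/null
}

# Same expansion as the quoted line from /usr/bin/spell: the caller's
# H_SPELL wins if set and non-empty, otherwise the default in $1 is used.
spell_history_target() {
    printf '%s\n' "${H_SPELL:-$1}"
}

# Constructed stand-in for /var so the audit can run anywhere.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/adm" "$t/tmp" "$t/pub"
    : > "$t/adm/spellhist"; : > "$t/adm/messages"
    chmod 666 "$t/adm/spellhist"; chmod 644 "$t/adm/messages"
    chmod 755 "$t/adm"; chmod 1777 "$t/tmp"; chmod 777 "$t/pub"
    printf '%s\n' "$t"
}

# Demo run against the constructed tree.
sample=$(make_sample_tree)
world_writable_files "$sample"
world_writable_dirs "$sample"
spell_history_target /dev/null   # default after the suggested edit
rm -rf "$sample"
```

Pointing the two audit functions at /var on a real host gives the list of places where an unprivileged user can consume space, which is the set to cover with quotas or a separate filesystem.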