Re: [SRT2001-10] - scoadmin /tmp issues

[Matt Schalit <mschalit () pacbell net>]

Hello Sir:


Richard Johnson wrote:
> ======================================================================
> Strategic Reconnaissance Team Security Advisory(SRT2001-09)
> Topic: scoadmin /tmp issues
> Vendor: Santa Cruz Operations
> Release Date: 05/07/01
> ======================================================================

[snip...]

> .: Systems Affected
> Unixware 5.x


  You bring to light various issues with software issued by the
"Santa Cruz Operations" (sic).  I'm sure they would prefer that
you call them by their correct name, the Santa Cruz Operation, or
simple SCO.

  The SCO server division has been acquired by Caldera, and
www.sco.com now points you to Caldera, for those of you who
may not know.


  SCO has two OS lines that have the following release history:

    UnixWare                              OpenServer
  ------------------                --------------------------
   ...                                  ...
   Unixware 2.1.2                       Unix System 5 Release 3.2v4.0
   Unixware 2.1.3                       Unix System 5 Release 3.2.4.2
   Unixware 7.0.0                       OpenServer 5.0.0
   Unixware 7.0.1                       OpenServer 5.0.2
   Unixware 7.1.0                       OpenServer 5.0.4
   Unixware 7.1.1  <-- Current          OpenServer 5.0.5
                                        OpenServer 5.0.6   <--- Current.


I spent about 15 minutes searching the net and the ng's for any reference
to a "UnixWare 5" or a "UnixWare 5.x" that you refer to with no success.

Would you please clarify for the rest of us exactly what OS you
see this problem with.  Please include the output of

      uname -a



 
> .: Proof of Concept
> ln -s /etc/passwd /tmp/tclerror.1195.log


This doesn't work on UnixWare 7.1.1.

   $ ln -s /etc/passwd /tmp/tclerror.1195.log
   UX:ln: ERROR: Cannot create /tmp/tclerror.1195.log: Not privileged




Regards,
Matthew Schalit
SCO ACE, Maintainer of the Uw7 FAQ.