Re: Correction: CPSN 9:971208: Solaris /var Permission Problems

From: Randy Mikesell (rmikeselat_private)
Date: Tue Jan 13 1998 - 11:43:06 PST

Next message: Tom Perrine: "Re: Correction: CPSN 9:971208: Solaris /var Permission Problems"

Previous message: Todd C. Miller: "Re: hole in sudo for MP-RAS."
Maybe in reply to: MATTHEW POTTER: "Correction: CPSN 9:971208: Solaris /var Permission Problems"
Next in thread: Tom Perrine: "Re: Correction: CPSN 9:971208: Solaris /var Permission Problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Be careful on what you suggest.  The last I heard, even Sun does not
recommend that you run ASET in high.  I know of more than one box that
was trashed because the SA set ASET to high.  It is a long and painfull
process to restore the system after ASET is finished with it.  It may be
better to keep up on the patches and run scripts or other tools to keep
track of the permissions.

Randy Mikesell
DMCO Mid-Tier ISSO
rmikeselat_private
801-777-3282 ext. 3203   DSN 777

On 13-Jan-98 MATTHEW POTTER wrote:
>     Hi,
>
>     This affects 2.3, 2.4, and 2.5 , 2.5.1, 2.6 SPARC and x86(NOT JUST
>     2.5(1) and 2.6 SPARC), any user can fill var(stopping local logging,
>     causing all kinds of problems etc..) or put a rogue package in
>     /var/spool/pkg then the admin unsuspectingly just does a pkgadd and
>     dosent verify his or her packages, this can lead to root compromise, I
>     think this bug is widley known. Run ASET(SUNWast) at the highest
>     level, this is good procedure for any solaris box before it goes on a
>     network as well as running fixmodes. ASET helps permissions from
>     drifting to a lower privlage level(it seems in solaris if you dont run
>     any type of perm changing program permissions seem to get progressivly
>     worse over time). As well as patching 2.5.1 and prior, for the
>     /usr/lib/newsyslog bug (the script sets modes 666 after rotating the
>     logs! prior to 2.6) bug so when cron rotates logs the new logs get set
>     up properly! It's weird Sun has let this go this long,mabey it's a
>     compatiblity issue(?), though mine are strict and I have had no
>     problems with the permissions.
>
>     Regards,
>
>     Matthew R. Potter
>
>
>______________________________ Reply Separator
>_________________________________
>Subject: CPSN 9:971208: Solaris /var Permission Problems
>Author:  CPIO Advisory Role Account <advisoryat_private> at Internet
>Date:    1/12/98 3:56 PM
>
>
>     **************** CPIO Security Notice ****************
>     Issue Number 9: 971208
>     Topic: Solaris /var Permission problems
>     Platforms: Solaris 2.5.1, 2.6 / SPARC; possibly 2.5.
>     Severity: Common Sense Caution
>                **** http://www.darpanet.net ****

Next message: Tom Perrine: "Re: Correction: CPSN 9:971208: Solaris /var Permission Problems"
Previous message: Todd C. Miller: "Re: hole in sudo for MP-RAS."
Maybe in reply to: MATTHEW POTTER: "Correction: CPSN 9:971208: Solaris /var Permission Problems"
Next in thread: Tom Perrine: "Re: Correction: CPSN 9:971208: Solaris /var Permission Problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:51 PDT