> The problem with DTUSERSESSION was already posted on last > Feb 24; and by then, the "Solaris dtappgather patch" fixed the > DTUSERSESSION but not the link (directory permissions) problem, > which probably is fixed by the other patch on 2.5.x. > > So, at least Solaris 2.6 (sparc) with recent patches is not > vulnerable. The problem is patched with both the dtappgather and dtlogin patches to Solaris 2.5.1/2.6 (and presumably 2.5 as well). You need to apply both and restart dtlogin. I'm not sure, but you might even need to rm -rf /var/dt before restarting dtlogin, but it seems it will fix up the permissions on startup. Casper
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:22:26 PDT