Re: ff.core exploit on Solaris (2.)7

From: Casper Dik (casperat_private)
Date: Fri Jan 15 1999 - 05:20:36 PST

Next message: Peter May: "Re: Keeping any up-to-date?"

Previous message: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: Tracing by uid u after root does setuid(u)"
Maybe in reply to: Daniel J. Frasnelli: "ff.core exploit on Solaris (2.)7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>Greetings,
>        Confirmed ff.core exploit does exist in Solaris 7, server
>edition.  System is straight installation, no patches of any category
>available for 7 from Sunsolve yet.


There's another workaround for the "ff.core" bug rather than taking away
it's set-uid permissions.

The workaround is:

        chmod a-w /vol/*

(Best added to the volmgt starup script in the following fashion, after the
line that starts vold:


                while sleep 1
                do
                        if [ -d /vol/rmt ]
                        then
                                chmod a-w /vol/*
                                break
                        fi
                done &


This leaves a 1 second window or so of vulnerability at boot time which you
can prevent by starting vold earlier than cron & inetd.


Casper

Next message: Peter May: "Re: Keeping any up-to-date?"
Previous message: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: Tracing by uid u after root does setuid(u)"
Maybe in reply to: Daniel J. Frasnelli: "ff.core exploit on Solaris (2.)7"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:53 PDT