On Digital Unix 4.0E with the latest patch kit aplied, after a new installation /var has g+w for group system. Anyone that can crack any account with gid==system may exploit this (not tested but there should be no problem with mv'ing /var/sbin, /var/adm etc etc..). It seems that CDE is forcing g+w to /var.. The whole thing is done while executing /sbin/rc3.d/S95xlogin and only if CDE is selected. <<V13>>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:31 PDT