Digital Unix 4.0E /var permission

From: Harhalakis Stefanos (v13at_private)
Date: Sun Apr 04 1999 - 10:31:12 PDT

     On Digital Unix 4.0E with the latest patch kit applied, after a new
    installation /var has g+w for group system. Anyone that can crack any
    account with gid==system may exploit this (not tested but there should be
    no problem with mv'ing /var/sbin, /var/adm etc etc..). It seems that CDE
    is forcing g+w to /var.. The whole thing is done while executing
    /sbin/rc3.d/S95xlogin and only if CDE is selected.
    
    <<V13>>
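
An audit for the condition reported above, as an added example that is not part of the original post: it flags directories that are group-writable without the sticky bit, which is what lets a group member rename entries such as /var/adm. The function names are hypothetical; the only paths assumed are the ones the post names.

```shell
#!/bin/sh
# Added example, not from the original post.
# A directory with group write and no sticky bit lets any member of its group
# rename or remove the entries inside it, whoever owns those entries.

# Print a verdict for one directory: "risky gid=N", "sticky gid=N", "ok" or "missing".
dir_group_risk() {
    rdir=$1
    if [ ! -d "$rdir" ]; then echo "missing"; return 0; fi
    # ls -ldnL: mode string in field 1, numeric gid in field 4; -L follows a symlink.
    rinfo=$(ls -ldnL -- "$rdir" | awk '{print $1 " " $4}')
    rmode=${rinfo% *}
    rgid=${rinfo#* }
    case $rmode in
        # char 6 = group write, char 10 = t/T when the sticky bit is set
        ?????w???[tT]*) echo "sticky gid=$rgid" ;;
        ?????w*)        echo "risky gid=$rgid" ;;
        *)              echo "ok" ;;
    esac
}

# Check every directory given; return 1 if any is risky.
audit_dirs() {
    arc=0
    for adir in "$@"; do
        averdict=$(dir_group_risk "$adir")
        printf '%-16s %s\n' "$averdict" "$adir"
        case $averdict in risky*) arc=1 ;; esac
    done
    return $arc
}

# Run against paths given on the command line, e.g.: sh audit.sh /var /var/adm /var/sbin
[ $# -eq 0 ] || audit_dirs "$@"
```

If /var is reported as risky, `chmod g-w /var` clears the bit. Since the post attributes the change to /sbin/rc3.d/S95xlogin when CDE is selected, run the check again after the next boot.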
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:31 PDT