>pa:/var/adm$ ls -ld spellhist >-rw-rw-rw- 1 bin bin 0 Dec 15 07:28 spellhist The purpose of the spellhist file is to record all mispellings by all users. This file is supposed to be worldwritable. "chmod 644 /var/adm/spellhist" will cause this: spell tee: /var/adm/spellhist: Permission denied Of course, this feature of spell is highly questionable ($HOME/.spellhist) would appear to be more reasonable. >pa:/var/adm$ ls -ld vold.log >-rw-rw-rw- 1 root root 3063 Jan 22 00:48 vold.log The default umask of 0 causes this; in Solaris 8 the default umask is 022. > >There are dangerous write permissions on logging files in Solaris 7 and >Solaris 8. In Solaris 8, the issue with vold.log has been >corrected. The spellhist file, however, still uses the same permissions as >Solaris 7 did. Granted this issue wont result in a root >compromise it does allow for users to fill up the /var partition without >having root access. > >(Yes, I know /var/tmp exists and would allow for the same thing.) > >Solution: > >Have SUN distributed Solaris 8 with the permissions fixed on the spellhist >file or rely on the administrators of the systems to fix the permissions >themselves. Since /var/tmp, /var/mail and other files are writable in /var, it's always possible to overflow /var. (Atjobs probably have no size limit either). Casper
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:30:54 PDT