On Wednesday, 2001-07-25 at 19:24:29 +0900, SeungHyun Seo wrote:

> It still seems to be affected under 3.5beta9 (including this version)
> someone said it's not the problem of exploitable vulnerability about 8 months ago,
> but it's possible to exploit though situation is difficult.
> following code and some procedure comments demonstrate it.
> possible to get kmem privilege in the XXXXBSD which is still not patched,
> possible to get root privilege in solaris.

Top does not need to be SUID root in Solaris, either. The default
install uses this mode (clipped from the Makefile generated on
Solaris 8 x86):

    MODE = 2711
    GROUP = sys

Both /dev/mem and /dev/kmem are

    crw-r----- 1 root sys 13, 1 Dec 3 2000 /dev/kmem
    crw-r----- 1 root sys 13, 0 Dec 3 2000 /dev/mem

Lupe Christoph
--
| lupe@lupe-christoph.de | http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a |
| Bat-Leth contest on the holodeck. They will not concern us again. |
| http://public.logica.com/~stepneys/joke/klingon.htm |
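
Added example, not part of the original message: a small audit helper that takes an install mode such as the Makefile's `MODE = 2711` / `GROUP = sys` and the quoted `ls -l` lines, and reports what a process running that binary can open on each device node. The binary owner `root`, the unprivileged caller `nobody`, and the 4711 and 0711 comparison modes are assumptions made for illustration.

```python
import stat

# Constructed sample input: the two `ls -l` lines quoted in the message.
DEVICE_LISTING = """\
crw-r----- 1 root sys 13, 1 Dec 3 2000 /dev/kmem
crw-r----- 1 root sys 13, 0 Dec 3 2000 /dev/mem
"""

def parse_ls_line(line):
    """Return (path, owner, group, perm_string) from one `ls -l` line."""
    fields = line.split()
    return fields[-1], fields[2], fields[3], fields[0][1:10]

def access_for(perms, node_owner, node_group, euser, egroup):
    """Apply the Unix owner/group/other rule (first matching class wins)."""
    if euser == "root":
        return "rw"                      # uid 0 bypasses the mode bits
    if euser == node_owner:
        cls = perms[0:3]
    elif egroup == node_group:
        cls = perms[3:6]
    else:
        cls = perms[6:9]
    return "".join(c for c in cls[:2] if c != "-")

def exposure(install_mode, owner, group, listing, caller=("nobody", "nobody")):
    """What a process running the installed binary can open, per device node."""
    # The setuid/setgid bits replace the caller's effective user/group.
    euser = owner if install_mode & stat.S_ISUID else caller[0]
    egroup = group if install_mode & stat.S_ISGID else caller[1]
    result = {}
    for line in listing.strip().splitlines():
        path, n_owner, n_group, perms = parse_ls_line(line)
        result[path] = access_for(perms, n_owner, n_group, euser, egroup)
    return result

if __name__ == "__main__":
    # MODE = 2711, GROUP = sys come from the Makefile; owner root is assumed.
    for label, mode in (("setgid sys (2711)", 0o2711),
                        ("setuid root (4711)", 0o4711),
                        ("no special bits (0711)", 0o0711)):
        print(label, exposure(mode, "root", "sys", DEVICE_LISTING))
```

With the installed mode the result is read-only access to both nodes through group sys, which is the privilege at stake if the setgid binary is compromised.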
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 15:45:53 PDT