
Someone in Romania writes:
Another hole in Solaris
Horrors no!
The exploit is very simple. Change the permission mode of your calendar file (callog.YOU) in the /var/spool/calendar directory (usually r--rw----) and run sdtcm_convert. sdtcm_convert will observe the change and will want to correct it (it will ask you first). You only have to delete the callog file, make a symbolic link to a target file and your calendar file, and say 'y' (yes) to sdtcm_convert. sdtcm_convert will make you the owner of the target file ...
Where would Unix be without symbolic links and race conditions? This is cute, in that rather than having to mung a symbolic link on the fly, the program conveniently asks for user input with suid set, and then pauses while you set the trap. Good work.

--
Mike Duvos $ PGP 2.6 Public Key available $
mpd@netcom.com $ via Finger. $
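
The defensive counterpart to the race described above, as an added example that is not part of the original post and is not sdtcm_convert's code: a privileged program that repairs a file's mode and owner should open it once with `O_NOFOLLOW` and operate only on the descriptor. The names `safe_fix_calendar` and `run_demo`, and the temporary files, are hypothetical and constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not sdtcm_convert's code: reset mode and owner of a
 * calendar file without following a symlink swapped in at `path`. */
int safe_fix_calendar(const char *path, uid_t owner, mode_t mode)
{
    struct stat st;
    /* O_NOFOLLOW: open() fails on a symlink; O_NONBLOCK: never hang on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;
    /* Check and change the object behind the fd; the path is never reused,
     * so replacing it while the program waits for input changes nothing. */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1
          && fchmod(fd, mode) == 0 && fchown(fd, owner, (gid_t)-1) == 0;
    close(fd);
    return ok ? 0 : -1;
}

/* Constructed scenario in a temp dir. Returns a bitmask:
 * 1 = regular file repaired, 2 = symlink refused, 4 = target mode untouched. */
int run_demo(void)
{
    char dir[] = "/tmp/callogXXXXXX", cal[64], target[64], trap[64];
    struct stat st;
    int r = 0, fd;
    if (!mkdtemp(dir)) return 0;
    snprintf(cal, sizeof cal, "%s/callog.user", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(trap, sizeof trap, "%s/callog.trap", dir);
    if ((fd = open(cal, O_CREAT | O_WRONLY, 0644)) >= 0) close(fd);
    if ((fd = open(target, O_CREAT | O_WRONLY, 0600)) >= 0) close(fd);
    if (symlink(target, trap) != 0) return 0;
    if (safe_fix_calendar(cal, getuid(), 0460) == 0
        && stat(cal, &st) == 0 && (st.st_mode & 0777) == 0460) r |= 1;
    if (safe_fix_calendar(trap, getuid(), 0460) != 0) r |= 2;
    if (stat(target, &st) == 0 && (st.st_mode & 0777) == 0600) r |= 4;
    unlink(cal); unlink(target); unlink(trap); rmdir(dir);
    return r;
}

int main(void)
{
    printf("demo result mask: %d\n", run_demo());
}
```

The `st_nlink == 1` check also rejects hard links to another file, which `O_NOFOLLOW` alone does not cover.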