Security hole in Solaris 2.5 (sdtcm_convert) + exploit

Bill Stewart stewarts at ix.netcom.com
Sat Feb 22 16:09:06 PST 1997


At 09:36 AM 2/22/97 -0800, Mike Duvos wrote:
>> Another hole in Solaris
>Horrors no!  

.....

>Where would Unix be without symbolic links and race conditions?  
>
>This is cute, in that rather than having to mung a symbolic link on
>the fly, the program conveniently asks for user input with suid set,
>and then pauses while you set the trap.  

As with many programs from the BSD universe, it's running with
root privileges when it could have gotten by with group privileges
or run as "nobody" or some other safe approach instead....


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#     (If this is a mailing list, please Cc: me on replies.  Thanks.)
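The two points raised in this thread (a symlink swapped in while a set-uid program waits, and work done as root that did not need root) are the ones a privileged program has to handle when it opens a user-named file. The following is an added example, not part of the original post and not sdtcm_convert's code: a minimal C sketch assuming a modern POSIX.1-2008 system with `O_NOFOLLOW`. The names `open_for_invoker` and `demo_symlink_refused` and the temp paths are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* O_NOFOLLOW, seteuid, mkdtemp */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` for writing on behalf of the invoking user; -1 on refusal. */
int open_for_invoker(const char *path)
{
    uid_t saved = geteuid();
    struct stat st;
    int fd, err;
    /* Touch the file system as the real uid, not the set-uid owner. */
    if (seteuid(getuid()) != 0) return -1;
    /* O_NOFOLLOW puts the symlink check inside open() itself (ELOOP),
     * so nothing can be swapped in between a check and the use. */
    fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    err = errno;
    /* Judge the object actually opened, through the descriptor. */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1)) {
        close(fd); fd = -1; err = EPERM;
    }
    if (seteuid(saved) != 0) { if (fd >= 0) close(fd); return -1; }
    errno = err;
    return fd;
}

/* Constructed demo in a private temp dir: returns 1 if a symlink is refused. */
int demo_symlink_refused(void)
{
    char dir[] = "/tmp/symdemoXXXXXX", target[64], lnk[64];
    int fd, refused;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if ((fd = open_for_invoker(target)) < 0) return -1;  /* plain file: allowed */
    close(fd);
    if (symlink(target, lnk) != 0) return -1;
    fd = open_for_invoker(lnk);
    refused = (fd < 0 && errno == ELOOP);
    if (fd >= 0) close(fd);
    unlink(lnk); unlink(target); rmdir(dir);
    return refused;
}
int main(void) { return demo_symlink_refused() == 1 ? 0 : 1; }
```

`O_NOFOLLOW` only covers the final path component, and a real set-uid program would also drop its effective group and supplementary groups before the open.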






