[10098] in bugtraq
Digital Unix 4.0E /var permission
daemon@ATHENA.MIT.EDU (Harhalakis Stefanos)
Mon Apr 5 15:15:35 1999
Date: Sun, 4 Apr 1999 20:31:12 +0300
Reply-To: Harhalakis Stefanos <v13@AETOS.IT.TEITHE.GR>
From: Harhalakis Stefanos <v13@AETOS.IT.TEITHE.GR>
To: BUGTRAQ@NETSPACE.ORG
On Digital Unix 4.0E with the latest patch kit aplied, after a new
installation /var has g+w for group system. Anyone that can crack any
account with gid==system may exploit this (not tested but there should be
no problem with mv'ing /var/sbin, /var/adm etc etc..). It seems that CDE
is forcing g+w to /var.. The whole thing is done while executing
/sbin/rc3.d/S95xlogin and only if CDE is selected.
<<V13>>
