[10169] in bugtraq
Re: Solaris7 and ff.core
daemon@ATHENA.MIT.EDU (Stefan Molnar)
Fri Apr 9 21:58:53 1999
Date: Thu, 8 Apr 1999 11:05:48 -0700
Reply-To: Stefan Molnar <stefan@csudsu.com>
From: Stefan Molnar <stefan@CSUDSU.COM>
X-To: Russell Van Tassell <russell@CSCORP.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990407221103.A20765@cscorp.com>
That bug has never been truly fixed. It should be fixed by Solaris
7 5/99 (hw2). Just taking changeing the permissions on /vol will
also fix the problem. chmod a-w /vol/*
Stefan
On Wed, 7 Apr 1999, Russell Van Tassell wrote:
> Forgive me as I just started playing with Solaris 7 and don't recall
> seeing this yet posted to Bugtraq.
>
> It would appear as though an old bug with the OpenWeirdos File Mangler
> has crept up again in Solaris 7 (I believe patch 106222-01 was supposed
> to fix it back in Solaris 2.6 (and 106224-01 in Solaris 2.5.1)). Very
> basically, using ff.core it is possible for a normal user to overwrite
> arbitrary files on the system (that would include things like /etc/shadow)
> and do serious damage to the system (I will leave that exercise to the
> reader).
>
> Admins should remove the setuid and setgid bits from ff.core.
>
> Regards,
> Russell
>
>
> --
> Russell M. Van Tassell
> russell@cscorp.com
>
