[12846] in bugtraq
Re: Solaris 2.x chkperm/arp vulnerabilities
daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Dec 3 18:55:30 1999
Message-Id: <199912030819.JAA23606@romulus>
Date: Fri, 3 Dec 1999 09:19:39 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
X-To: "Larry W. Cashdollar" <lwcashd@BIW.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Wed, 01 Dec 1999 14:18:53 EST."
             <199912011918.OAA11931@disney.Biw.COM>

>Arp bug Verified for my Solaris 5.6 and 5.5.1 Installs.
>
>$ uname -a
>SunOS pangea 5.5.1 Generic_103640-26 sun4u sparc SUNW,Ultra-5_10
>
>
># uname -a
>SunOS vapid 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-5_10
>#
>
>$ ls -l /etc/bin
>-rw-rw---- 1 bin bin 23 Dec 1 13:54 /etc/bin
>
>On both machines I could read bin:bin owned files as a regular joe user with arp.

You can safely remove the set-gid bin from arp; I'm not sure why it's
still there or in what cases it needs such privileges.

I don't think group bin ever had any files or devices
readable only to it; I can't figure out why it was ever made
set-gid bin.

Casper
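
The mitigation suggested in the reply, as an added example that is not part of the original message: a small script that reports set-gid files for a group and clears the set-gid bit on a named binary, with a dry-run mode. The function names and the DRY_RUN variable are hypothetical, and the path to arp is passed in by the administrator rather than assumed.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and DRY_RUN
# are hypothetical; the binary path is supplied by the administrator.

# is_setgid FILE: true if FILE is a regular file with the set-gid bit set.
is_setgid() {
    [ -f "$1" ] && [ -g "$1" ]
}

# list_setgid_group DIR GROUP: print set-gid regular files under DIR whose
# group is GROUP (name or numeric gid), e.g. to review what else runs as bin.
list_setgid_group() {
    find "$1" -type f -perm -2000 -group "$2" -print
}

# strip_setgid FILE: clear only the set-gid bit, leaving the other mode bits
# alone. Prints "unchanged", "would-clear" (DRY_RUN=1) or "cleared".
strip_setgid() {
    file=$1
    if ! is_setgid "$file"; then
        echo "unchanged"
        return 0
    fi
    ls -l "$file" >&2            # record mode/owner/group before the change
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "would-clear"
        return 0
    fi
    chmod g-s "$file" || return 1
    if is_setgid "$file"; then   # verify the bit is really gone
        return 1
    fi
    echo "cleared"
}

# Stand-alone use: sh strip-setgid.sh /path/to/arp
if [ "$#" -ge 1 ]; then
    strip_setgid "$1"
fi
```

Run it first with DRY_RUN=1 to see the current mode line, and note that a later OS patch or package reinstall may restore the original permissions.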