[13538] in bugtraq
Re: Solaris 7 and solaris 8 file permissions
daemon@ATHENA.MIT.EDU (Darren Moffat - Solaris Sustaining)
Mon Jan 24 21:20:43 2000
Mime-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-Md5: XQepmPgHgL+e47ve8WUEWA==
Message-Id: <200001241139.LAA05318@otis.UK.Sun.COM>
Date: Mon, 24 Jan 2000 11:39:43 +0000
Reply-To: Darren Moffat - Solaris Sustaining Engineering <darren.moffat@sunuk.UK.Sun.COM>
From: Darren Moffat - Solaris Sustaining Engineering <darren.moffat@SUNUK.UK.SUN.COM>
X-To: steve@mwis.net
To: BUGTRAQ@SECURITYFOCUS.COM
>corrected. The spellhist file, however, still uses the same permissions as
>Solaris 7 did. Granted this issue wont result in a root
>compromise it does allow for users to fill up the /var partition without
>having root access.
The 666 permissions are required for spell to work as designed and
removing the world write permissions to the file will break spell:
$ spell
tee: /var/adm/spellhist: Permission denied
See the files/notes section of spell(1).
FILES
...
H_SPELL=/var/adm/spellhist
history file
NOTES
Misspelled words can be monitored by default by setting the
H_SPELL variable in /usr/bin/spell to the name of a file
that has permission mode 666.
Now given that /usr/bin/spell is a ksh script if you don't want this
feature then change the following line to have /dev/null instead of
/var/adm/spellhist. Users can then set H_SPELL themselves if they
want their own spellhist file.
H_SPELL=${H_SPELL:-/var/adm/spellhist}
>(Yes, I know /var/tmp exists and would allow for the same thing.)
That and a whole list of others including
/var/mail
/var/preserve
/var/spool/uucppublic
Running atjobs.
--
Darren J Moffat
