[3050] in bugtraq
Re: Exploiting Zolaris 2.4 ?? :)
daemon@ATHENA.MIT.EDU (Leif Hedstrom)
Sun Aug 4 18:21:36 1996
Date: Sun, 4 Aug 1996 14:29:11 -0700
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Leif Hedstrom <leif@netscape.com>
X-To: fox@mailhost.rsn.hp.com
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
>David DeSimone writes:
>Even if a program can dump core into a writable directory, that is not
>the same thing as being able to overwrite a file. If you make a symlink
>core -> /etc/passwd, the dump will only succeed if /etc/passwd is also
>writable by the setgid group. If that's the case, then you are in
How about (as proposed in the first posting) creating /usr/sbin/rtc? Or,
if you have some patience, create a file in /etc/rc2.d (for instance)?
-- Leif
