[3061] in bugtraq


Re: Exploiting Zolaris 2.4 ?? :)

daemon@ATHENA.MIT.EDU (Casper Dik)
Tue Aug 6 03:38:46 1996

Date: 	Tue, 6 Aug 1996 09:07:36 +0200
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Casper Dik <casper@holland.Sun.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To:  Your message of "Mon, 05 Aug 1996 11:19:21 +0200."
              <199608050919.LAA19613@unagi.cs.uct.ac.za>

>> Set-uid/set-gid programs shouldn't dump core.
>>
>> They don't in Solaris 2.5/2.5.1, but did under some circumstances in 2.4.
>> This is fixed in a later kernel jumbo patch (-35 for SPARC)
>Not true.   SunOS phoebe 5.4 Generic_101945-38 sun4m sparc
>very happily dumped core on dmesg.


Let me rephrase:

On Solaris 2.4 systems with kernel jumbo patch -35 or later
set-gid programs will not core dump, unless you're in the group
the program is set-gid to.

I.e., if you're in group sys, programs set-gid sys can be made to core dump.

If you're not in group sys, there's tons of programs
to test with (netstat, dmesg, etc)

If you're not in group mail, try mailx.

If you're not in group tty, try wall (write(1) catches the interrupt)

Casper
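
The rule restated in the message above, turned into an audit helper. This is an added example, not part of the original post: it lists the set-gid files under a directory whose group is one the given user already belongs to, which are the only ones the message says can still be made to dump core on a 2.4 system with jumbo patch -35 or later. The function name and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Models the rule stated above
# for Solaris 2.4 with kernel jumbo patch -35 or later: a set-gid program can
# still be made to dump core only by a user who is already in that group.
# setgid_core_exposure and its arguments are hypothetical names.

# Usage: setgid_core_exposure DIR [GID ...]
# Prints each set-gid regular file under DIR whose group is one of the GIDs.
# With no GIDs given, the calling user's own groups (id -G) are used.
setgid_core_exposure() {
    dir=$1
    shift
    if [ $# -eq 0 ]; then
        # Unquoted on purpose: split the space-separated gid list into words.
        set -- $(id -G)
    fi
    # -perm -2000 matches files with the set-gid bit set.
    find "$dir" -type f -perm -2000 -print 2>/dev/null |
    while IFS= read -r f; do
        # ls -n prints the numeric gid in the fourth column.
        fgid=$(ls -ln "$f" | awk '{print $4}')
        for g in "$@"; do
            if [ "$g" = "$fgid" ]; then
                printf '%s gid=%s\n' "$f" "$fgid"
                break
            fi
        done
    done
}
```

Called as `setgid_core_exposure /usr/bin`, it reports the set-gid programs for which the current account is a group member; an empty result means none of them fall under the exception the message describes.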
