[3104] in bugtraq
wabi 2.2 sol 2.x and more, SUN, The insecure network is the ,
daemon@ATHENA.MIT.EDU (Anthony C. Zboralski)
Fri Aug 9 16:22:40 1996
Date: Fri, 9 Aug 1996 16:53:56 +0200
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: "Anthony C. Zboralski" <frantic@storm.certix.fr>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
I remember starting a flame on ids 'cause i said Solaris 2.5 was not
secure.
# uname -a
SunOS webbar 5.5 Generic sun4m
i dunno what happened to the guyz at sun .. but they must stop dope..
even with a default umask of 077.. when i installed wabi 2.2 (SUNWwabi),
look at what i got :
and this is only a small cutout the whole package is like that:
/opt/SUNWwabi:
total 8
lrwxrwxrwx 1 root other 13 Jul 10 13:37 SUNWwabi ->
/opt/SUNWwabi/
drwxrwxrwx 2 root other 512 May 24 14:42 bin/
drwxrwxrwx 2 root other 512 May 21 11:23 drvr/
drwxrwxrwx 2 root other 1024 May 21 11:23 icons/
drwxrwxrwx 3 root other 512 May 21 11:24 lib/
drwxrwxrwx 3 root other 512 May 21 11:24 man/
drwxrwxrwx 2 root other 512 May 21 11:24 printers/
drwxrwxrwx 5 root other 1024 May 21 11:24 wbin/
/opt/SUNWwabi/bin:
total 6461
-rwxrwxrwx 1 root other 19593 May 21 11:32 wabi*
-rwxrwxrwx 1 root other 11272 May 21 11:23 wabiclientinstall*
-rwxrwxrwx 1 root other 426344 May 21 11:23 wabifs*
-rwxrwxrwx 1 root other 10472 May 21 11:23 wabimakelower*
-rwxrwxrwx 1 root other 6904 May 21 11:23 wabiplatform*
-rwxrwxrwx 1 root other 3026456 May 21 11:23 wabiprog*
-rwxrwxrwx 1 root other 3038148 May 21 11:23 wabiprog.8+*
-rwxrwxrwx 1 root other 34432 May 21 11:23 wabiwintegrate*
lrwxrwxrwx 1 root other 6 Jul 10 13:36 wbin -> ../bin/
better chmod -R og-w /opt/SUNWwabi/
but it is not only wabi:
/etc:
drwxrwxrwx 3 root root 512 Jul 13 17:17 openwin/
/etc/openwin:
total 1
drwxrwxrwx 3 root root 512 Jul 13 17:17 devdata/
/etc/openwin/devdata:
total 1
drwxrwxrwx 2 root root 512 Jul 13 17:17 profiles/
/etc/openwin/devdata/profiles:
total 4
-rw-rw-rw- 1 root root 928 Aug 8 18:51 DirectColor0x23:0.0
-rw-rw-rw- 1 root root 928 Aug 8 18:51 PseudoColor0x22:0.0
-rw-rw-rw- 1 root root 928 Aug 8 18:51 StaticColor0x25:0.0
-rw-rw-rw- 1 root root 924 Aug 8 18:51 TrueColor0x26:0.0
/opt/SUNWits/Graphics-sw/xil/examples:
total 4
drwxrwxrwx 2 bin bin 512 Jul 3 13:11 rtvc_capture_movie/
drwxrwxrwx 2 bin bin 512 Jul 3 13:11 rtvc_display/
drwxrwxrwx 2 bin bin 512 Jul 3 13:11
rtvc_video_conference/
drwxr-xr-x 2 bin bin 512 Jul 3 13:11 test/
/var/adm:
-rw-rw-rw- 1 bin bin 0 Jul 3 12:40 spellhist
-rw-rw-rw- 1 root root 165 Jul 23 18:03 vold.log
/var/adm/log:
total 4
-rw-rw-rw- 1 root root 3544 Aug 8 17:20 asppp.log
/var:
drwxrwxrwx 4 root root 512 Aug 8 17:21 dt/
drwxrwxrwx 2 bin bin 512 Jul 3 12:39 news/
drwxrwxrwx 4 bin bin 512 Jul 27 21:37 preserve/
/var/dt:
total 8
drwxrwxrwx 3 bin bin 512 Jul 3 13:59 appconfig/
drwxrwxrwx 10 bin bin 512 Aug 8 17:45 tmp/
/var/dt/appconfig:
total 1
drwxrwxrwx 5 bin bin 512 Aug 5 15:02 appmanager/
/var/spool:
total 9
drwxrwxrwx 2 bin bin 512 Jul 3 12:39 pkg/
/var/log:
total 224
-rw-rw-rw- 1 root other 20071 Aug 8 20:12 syslog
-rw-rw-rw- 1 root other 42350 Aug 3 02:30 syslog.0
-rw-rw-rw- 1 root other 30974 Jul 27 02:43 syslog.1
-rw-rw-rw- 1 root other 53224 Jul 20 02:30 syslog.2
-rw-rw-rw- 1 root other 57099 Jul 12 18:18 syslog.3
/var/lp/logs:
total 6
-rw-rw-rw- 1 root root 789 Aug 8 17:20 lpNet
-rw-rw-rw- 1 root root 568 Aug 8 17:20 lpsched
/var/saf:
total 7
-rw-rw-rw- 1 root root 5256 Aug 8 17:21 _log
/var/spool:
total 9
drwxrwsrwt 2 daemon daemon 512 Jul 23 17:51 calendar/
drwxrwxrwx 2 bin bin 512 Jul 3 12:39 pkg/
drwxrwxrwt 2 uucp uucp 512 Jul 3 13:01 uucppublic/
/var/spool/lp/fifos:
total 2
prw-rw-rw- 1 lp lp 0 Jul 3 13:20 FIFO|
drwxrwx-wx 2 lp lp 512 Jul 17 19:57 public/
/usr/oasys/tmp:
total 0
-rw--w--w- 1 bin bin 0 Oct 25 1995 TERRLOG
