[3611] in bugtraq
Re: Possible SunOS 5.5.1 sulogin vulnerability
daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Nov 15 19:51:29 1996
Date: Sat, 16 Nov 1996 01:19:18 +0100
Reply-To: Casper Dik <casper@holland.Sun.COM>
From: Casper Dik <casper@holland.Sun.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: Your message of "Wed, 13 Nov 1996 20:37:01 EST."
<x7zq0l31aa.fsf@mastaler.com>
>Possible hole in sulogin here? Under Solaris 2.5.1 (sparc & x86),
>executing /sbin/sulogin from an unprivileged user account dumps you
>into what appears to be single-user mode with an ugly warning message
>without prompting for the root password. You don't find this with
>earlier versions of Solaris (2.5 and lower).
It's a Bourne shell; the only difference with a regular /sbin/sh
invocation is that it prints:
*** NO ENTRY FOR root IN PASSWORD FILE! ***
Entering System Maintenance Mode
before starting the shell.
And that's because you're not root.
The difference between 2.5- and 2.5.1 is that the set-uid bit, which
is non-sensical for programs that are supposed to be only started by root
anyway, was dropped.
Casper
