[3612] in bugtraq
Re: Possible SunOS 5.5.1 sulogin vulnerability
daemon@ATHENA.MIT.EDU (Michael Douglass)
Fri Nov 15 20:20:22 1996
Date: Fri, 15 Nov 1996 18:26:23 -0600
Reply-To: Michael Douglass <mikedoug@texas.net>
From: Michael Douglass <mikedoug@texas.net>
X-To: "Jason R. Mastaler" <jason@mastaler.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <x7zq0l31aa.fsf@mastaler.com>
On Wed, 13 Nov 1996, Jason R. Mastaler wrote:
> Possible hole in sulogin here? Under Solaris 2.5.1 (sparc & x86),
> executing /sbin/sulogin from an unprivileged user account dumps you
> into what appears to be single-user mode with an ugly warning message
> without prompting for the root password. You don't find this with
> earlier versions of Solaris (2.5 and lower).
sulogin is *not* suid root... It is run as root when the system comes up
in single user mode. The reason you get the ERROR NO root PASSWD is
because it cannot read /etc/shadow as the unprived user. If you were
to do id -a you would see that you are still the same unprivileged user.
No security hole here.
Michael Douglass
Texas Networking, Inc.
"Love does not consist in gazing at each other but in looking together in
the same direction."
Antoine de Saint-Exupery: Wind, Sand, and Stars, ch. 8 (1939).
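
The check described in the reply above, as an added example that is not part of the original post: a POSIX shell helper that reports whether a binary carries the set-uid or set-gid bit, what the effective uid is, and whether the password file is readable. The function names are hypothetical, and the `ls -ln` lines used to exercise it are constructed sample input.

```shell
#!/bin/sh
# Triage helper (added example): running a program as an unprivileged user
# can only cross a privilege boundary if the file is set-uid or set-gid.

# classify_ls_line LINE
# LINE is one line of `ls -ln` output (numeric owner uid in field 3).
# Prints: setuid-root | setuid-other | setgid | plain
classify_ls_line() {
    perms=${1%% *}                                   # e.g. -r-sr-xr-x
    uid=$(printf '%s\n' "$1" | awk '{print $3}')     # numeric owner
    case "$perms" in
        # 4th character is the owner-execute slot: s/S means set-uid
        ???[sS]*)
            if [ "$uid" = 0 ]; then echo setuid-root; else echo setuid-other; fi ;;
        # 7th character is the group-execute slot: s/S means set-gid
        ??????[sS]*) echo setgid ;;
        *) echo plain ;;
    esac
}

# check_binary PATH: classify a real file on disk
check_binary() {
    classify_ls_line "$(ls -lnd -- "$1")"
}

# report PATH [SECRET_FILE]: the three facts the reply relies on
report() {
    bin=$1
    secret=${2:-/etc/shadow}
    echo "effective uid: $(id -u)"
    echo "$bin: $(check_binary "$bin")"
    if [ -r "$secret" ]; then
        echo "$secret: readable"
    else
        echo "$secret: not readable"
    fi
}

# Run against a path given on the command line, e.g. ./check.sh /sbin/sulogin
if [ $# -gt 0 ]; then
    report "$@"
fi
```

A result of `plain` together with a non-zero effective uid and an unreadable password file matches the situation the reply describes.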