[6488] in bugtraq
Sun rpcbind
daemon@ATHENA.MIT.EDU (Nicolas Dubee)
Fri Apr 10 15:14:44 1998
Date: Fri, 10 Apr 1998 15:09:33 +0100
Reply-To: Nicolas Dubee <dube0866@EUROBRETAGNE.FR>
From: Nicolas Dubee <dube0866@EUROBRETAGNE.FR>
To: BUGTRAQ@NETSPACE.ORG
Just for the records and as there's now a patch for this one, here is
the rpcbind feature under Solaris 2.5.x and 2.6.
When rpcbind terminates with a SIGTERM or SIGINT, it will flush the
current list of registered services to /tmp/portmap.file
/tmp/rpcbind.file, without checking for symbolic links etc...
It can then be used to trash any file on the fs.
Note that this happens only when rpcbind is explicitly killed by root
with SIGTERM or SIGINT (rebooting or shutdowning won't do it since
K??rpc sends a SIGKILL signal to rpcbind to prevent this behaviour).
later,
Nicolas Dubee
dube0866@eurobretagne.fr
