[8463] in bugtraq
Re: another /usr/dt/bin/dtappgather feature!
daemon@ATHENA.MIT.EDU (Casper Dik)
Mon Nov 9 15:38:35 1998
Date: Mon, 9 Nov 1998 20:44:12 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 06 Nov 1998 18:35:36 +0100."
             <199811061735.SAA27686@gtc1.cps.unizar.es>

> The problem with DTUSERSESSION was already posted on last
> Feb 24; and by then, the "Solaris dtappgather patch" fixed the
> DTUSERSESSION but not the link (directory permissions) problem,
> which probably is fixed by the other patch on 2.5.x.
>
> So, at least Solaris 2.6 (sparc) with recent patches is not
> vulnerable.

The problem is patched with both the dtappgather and dtlogin
patches to Solaris 2.5.1/2.6 (and presumably 2.5 as well).

You need to apply both and restart dtlogin.

I'm not sure, but you might even need to rm -rf /var/dt before restarting
dtlogin, but it seems it will fix up the permissions on startup.

Casper