[9075] in bugtraq
Re: ff.core exploit on Solaris (2.)7
daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Jan 15 12:54:44 1999
Date: Fri, 15 Jan 1999 14:20:36 +0100
Reply-To: Casper Dik <casper@HOLLAND.SUN.COM>
From: Casper Dik <casper@HOLLAND.SUN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 08 Jan 1999 12:43:20 EST."
<Pine.GSO.4.05.9901081235340.880-100000@naur.csee.wvu.edu>
>Greetings,
> Confirmed ff.core exploit does exist in Solaris 7, server
>edition. System is straight installation, no patches of any category
>available for 7 from Sunsolve yet.
There's another workaround for the "ff.core" bug rather than taking away
it's set-uid permissions.
The workaround is:
chmod a-w /vol/*
(Best added to the volmgt starup script in the following fashion, after the
line that starts vold:
while sleep 1
do
if [ -d /vol/rmt ]
then
chmod a-w /vol/*
break
fi
done &
This leaves a 1 second window or so of vulnerability at boot time which you
can prevent by starting vold earlier than cron & inetd.
Casper
