[1952] in bugtraq
Re: Beer & talk at Usenix Security Symposium
daemon@ATHENA.MIT.EDU (Alexander L. Haiut)
Fri Jun 2 21:20:40 1995
Date: Sat, 3 Jun 1995 03:10:43 +0200 (GMT+0200)
From: "Alexander L. Haiut" <alx@CS.bgu.ac.il>
To: "Paul (Tony) Watson" <watson@edfub8.MIT.EDU>
Cc: bugtraq@fc.net, watson@ctis.af.mil
In-Reply-To: <9506012036.AA27163@edfub8.ctis.af.mil>
> Obbug:I have noticed this on SunOS 4.1.3 running X11R5 and
> motif 1.2.3. Anyone can get limited (possibly more) access to the
> system if:
> -There is a ".xsession" file that is world readable in the root "/"
> directory (i.e. 644 as usual)
> -Sync account is left with default passwd entry of
> "sync::5:1:/:/bin/csh" (i.e. Which is the Sun install default)
If my memory serves me well, the SunOS 4.1.x default passwd
entry for sync is: "sync::1:1::/:/bin/sync". Am I wrong ?
Sure, this should be fixed because of things you show and the
LD_LIBRARY_PATH bug. .xsession exploit is fine, but I've never
seen .xsession file in root directory.. :)
Thanks! --alex.
--
Alexander L. Haiut +971-7-461658
Math & CS System group alx@cs.bgu.ac.il
Ben-Gurion University, Israel http://www.cs.bgu.ac.il/~alx/
