[2099] in bugtraq
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
daemon@ATHENA.MIT.EDU (Darren Reed)
Tue Aug 15 10:11:16 1995
Date: Tue, 15 Aug 1995 21:16:07 +1000
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Darren Reed <avalon@coombs.anu.edu.au>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199508142126.PAA07715@crimelab.com> from "Scott Chasin" at Aug
14, 95 03:26:33 pm
In some mail from Scott Chasin, sie said:
[...]
> The following is a bootup script should be added to ensure that
> the sticky bit stays.
>
> This file should be called /etc/rc3.d/S79tmpfix
[...]
If you look closely at the rc scripts, you'll notice that S05RMTMPFILES
is meant to do all this.
Obviously, it doesn't.
This script file is disfunctional, as far as I can tell. It doesn't
even do what it says, mostly it relies on tmpfs being used.
I had a play with it today and came up with the following script.
For those wondering about the /bin/rm -rf's, I tested it today on
Solaris2.4 and it worked as desired.
darren
-------------------------------------------------------------------
#ident "@(#) RMTMPFILES 1.13 93/09/01 SMI" /* SVr4.0 1.1.4.2 */
# Clean up temporary files.
set `/usr/bin/who -r`
if [ $9 != "S" -a $9 != "1" ]
then
exit
fi
# Traditional SunOS 4.x behavior has been to not remove directories in
# the /tmp directory; only simple files were removed. This lead to an
# inconsistancy when the tmpfs file system was used (which isn't persistant
# across boots. The following adopts the traditional System V behavior
# of removing everything in /tmp.
# clean up /tmp
# if /tmp or any of its subdirectories are mount points do not remove /tmp
/usr/bin/rm -rf /tmp/.* /tmp/*
/usr/bin/chmod 1777 /tmp
/usr/bin/chgrp sys /tmp
/usr/bin/chown sys /tmp
# Clean up /etc directory
# The file /etc/rem_name_to_major is not valid across boots
# so must be removed.
if [ -f /etc/rem_name_to_major ]
then
/usr/bin/rm -f /etc/rem_name_to_major
fi
# Traditional SunOS 4.x behavior has been to not alter the contents of
# /var/tmp (/usr/tmp) at boot time. This behavior is maintained as the
# current default behavior. It the traditional System V behavior of
# removing everything in /var/tmp is desired, remove the following
# 'exit'.
exit
# clean up /var/tmp
# if /var/tmp or any of its subdirectories
# is a mount point do not remove it.
M=`/sbin/mount | /usr/bin/egrep '^/var/tmp(/| )' | /usr/bin/wc -l`
if [ $M -eq 0 ]
then
cd /var/tmp || exit 0
# We carefully remove all files except the Ex* files (editor
# temporary files), which expreserve will process later (in
# S80PRESERVE). Of course, it would be simpler to just run
# expreserve before this script, but that doesn't work --
# expreserve requires the name service, which is not available
# until much later.
/usr/bin/ls -a | /usr/bin/egrep -v '^(Ex.*|\.|\.\.)$' |
/usr/bin/xargs /usr/bin/rm -rf --
fi
