[2104] in bugtraq
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
daemon@ATHENA.MIT.EDU (Brian Perkins)
Tue Aug 15 18:45:22 1995
Date: Tue, 15 Aug 1995 18:32:53 -0400
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Brian Perkins <bperkins@NETSPACE.ORG>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <Pine.A32.3.91.950815150444.14085A-100000@mickey.ovid.com> from
"Adam Prato" at Aug 15, 95 03:07:39 pm
I found that the program would not work if I tried to put the root shell in
my home dir, which was mounted via NFS. I tried fo half an hour.
If I tried moving it to /tmp, it worked within a minute, a couple of times.
Is there a /proc based ps? It seems to me that this would be a better fix.
> I haven't been able to get this to work. It seems that /usr/bin/ps does not
> create any files in /tmp. I had two windows open, one doing a while true ; do
> ls /tmp ; sleep 1 ; done. And the other trying this exploit. A ps.* file is
> never created (rather no files are created in /tmp). I accidentally left the
> exploit running all night and it still didn't work. /usr/ucb/ps however does
> create a ps_data file, but it doesnt seem to be changed by psrace.
--
Brian Perkins bperkins@netspace.org
