[2113] in bugtraq
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
daemon@ATHENA.MIT.EDU (Alexander L. Haiut)
Wed Aug 16 13:53:45 1995
Date: Wed, 16 Aug 1995 11:54:21 +0200
Reply-To: "Alexander L. Haiut" <alx@CS.bgu.ac.il>
From: "Alexander L. Haiut" <alx@CS.bgu.ac.il>
X-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <199508152232.SAA09696@netspace.org>
On Tue, 15 Aug 1995, Brian Perkins wrote:
> I found that the program would not work if I tried to put the root shell in
> my home dir, which was mounted via NFS.I tried fo half an hour.
> If I tried moving it to /tmp, it worked within a minute, a couple of times.
Don't you think it's because your home dir mounted via NFS is
mounted with "nosuid" option ? Just an idea, no more.. :)
On Tue, 15 Aug 1995, Aleph One wrote:
> Well while we taling about SysV ps IRIX's its sgid to sys, writes
> to /tmp/.ps_data and /tmp/.ps_XXXXXX but /tmp was the sticky bit on.
Well, checked IBM AIX, seems to be Ok too.. /tmp has sticky
bit on, and /usr/bin/ps is sgid to "system" group only.
Hope here we're safe.. Whaddya say?! --alex.
--
Alexander Haiut +972-7-461658
Math & CS System group alx@cs.bgu.ac.il
Ben-Gurion University, Israel http://www.cs.bgu.ac.il/~alx/
