[2132] in bugtraq
BUGTRAQ ALERT: Solaris 2.x
daemon@ATHENA.MIT.EDU (Arve Kjoelen)
Fri Aug 18 11:50:22 1995
Date: Fri, 18 Aug 1995 10:00:24 -0500
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Arve Kjoelen <akjoele@shiva.ee.siue.edu>
X-To: bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
>I was able to reproduce the problem on a SPARC 5/85 running Solaris 2.5 BETA
>within approximately 2.5 minutes when using /usr/bin/ps.
>I was not very successful in doing so with /usr/ucb/ps. But then again, maybe
>I haven't let the job run long enough.
>Dave
This is also the case on Solaris 2.3 and 2.4. /usr/bin/ps is easily compromised,
while /usr/ucb/ps is not. I ran the job all night on a machine running
Solaris 2.3, using /usr/ucb/ps, without success. However, doing a truss on
both /usr/bin/ps and /usr/ucb/ps reveals what looks to me like identical
procedures for dealing with the /tmp/ps* files:

Partial output from truss /usr/bin/ps (after /tmp/ps_data removed):

    getpid() = 26224 [26223]
    access("/tmp/ps.a006Pk", 0) Err#2 ENOENT
    open("/tmp/ps.a006Pk", O_WRONLY|O_CREAT|O_EXCL, 0664) = 3
    chown("/tmp/ps.a006Pk", 0, 3) = 0
    write(3, "\0\001 s", 4) = 4
    write(3, " p t s / 0\0\0\0\0\0\0\0".., 7420) = 7420
    close(3) = 0
    rename("/tmp/ps.a006Pk", "/tmp/ps_data") = 0

Partial output from truss /usr/ucb/ps (after /tmp/ups_data removed):

    getpid() = 26089 [26088]
    access("/tmp/ps.a006Nd", 0) Err#2 ENOENT
    open("/tmp/ps.a006Nd", O_WRONLY|O_CREAT|O_EXCL, 0664) = 4
    chown("/tmp/ps.a006Nd", 0, 3) = 0
    write(4, "\0\001 s", 4) = 4
    write(4, " p t s / 0\0\0\0\0\0\0\0".., 7420) = 7420
    write(4, "\0\0 $FC", 4) = 4
    write(4, " P R _ S I Z E\0\0\0\0\0".., 189360) = 189360
    write(4, "\0\0\004F006D998F0\t l10".., 40) = 40
    close(4) = 0
    rename("/tmp/ps.a006Nd", "/tmp/ups_data") = 0

My question is: Why doesn't the psrace program work on /usr/ucb/ps?
Arve Kjoelen, System Administrator, Electrical Engineering Dept.,
Southern Illinois University at Edwardsville, 618-692-2524
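
An added example, not part of the original message: a small Python audit that reads truss output in the format shown above and reports chown()/chmod() calls made by name on a file the process created under /tmp and still holds open, where a descriptor-based call (fchown/fchmod) would act on the opened file instead. The reported syscall set and the /tmp/ prefix are assumptions of this example, and the sample trace is constructed from the /usr/bin/ps lines in the message.

```python
import re

# Constructed sample: the /usr/bin/ps lines from the truss output in the message.
SAMPLE_TRACE = r'''getpid() = 26224 [26223]
access("/tmp/ps.a006Pk", 0) Err#2 ENOENT
open("/tmp/ps.a006Pk", O_WRONLY|O_CREAT|O_EXCL, 0664) = 3
chown("/tmp/ps.a006Pk", 0, 3) = 0
write(3, "\0\001 s", 4) = 4
close(3) = 0
rename("/tmp/ps.a006Pk", "/tmp/ps_data") = 0
'''

# name(args) followed by "= <ret>" on success or "Err#<n>" on failure.
CALL = re.compile(r'^(\w+)\((.*)\)\s+(?:=\s*(-?\d+)|Err#(\d+))')
FIRST_PATH = re.compile(r'^"([^"]*)"')
# Assumptions of this example: which by-name calls to report, and which
# directory counts as shared.
BY_NAME = {"chown", "chmod"}
SHARED_PREFIX = "/tmp/"


def audit(trace):
    """Report by-name calls on a file created under SHARED_PREFIX while the
    creating descriptor is still open. Returns (lineno, syscall, path, fd)."""
    created = {}    # fd -> path the file was created under
    findings = []
    for lineno, line in enumerate(trace.splitlines(), 1):
        m = CALL.match(line.strip())
        if not m or m.group(4) is not None:    # unparsed line or failed call
            continue
        name, args, ret = m.group(1), m.group(2), int(m.group(3))
        pm = FIRST_PATH.match(args)
        path = pm.group(1) if pm else None
        if name == "open" and path and "O_CREAT" in args \
                and path.startswith(SHARED_PREFIX):
            created[ret] = path
        elif name == "close" and args.strip().isdigit():
            created.pop(int(args.strip()), None)
        elif name in BY_NAME and path is not None:
            # The kernel resolves the name again here; fchown()/fchmod() on
            # the descriptor would act on the file that open() returned.
            for fd, p in created.items():
                if p == path:
                    findings.append((lineno, name, path, fd))
    return findings


if __name__ == "__main__":
    for lineno, name, path, fd in audit(SAMPLE_TRACE):
        print(f"line {lineno}: {name}() by name on {path}, still open as fd {fd}")
```

Run against either trace in the message, the audit reports the same chown() line, which matches the observation that both binaries handle their temporary file the same way.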