[2133] in bugtraq
Re: BUGTRAQ ALERT: Solaris 2.x vulnerability
daemon@ATHENA.MIT.EDU (System Administrator)
Fri Aug 18 11:52:29 1995
Date: Fri, 18 Aug 1995 16:10:44 +0100
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: System Administrator <root@iifeak.swan.ac.uk>
X-To: BUGTRAQ@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
In-Reply-To: <9508171141.AA04783@aft-ms.Holland.Sun.COM> from "Casper Dik" at
Aug 17, 95 01:41:36 pm
> Just to add my two cents to the discussion:
> - this is a known problem
So why wasn't it more publically announced. Sun could easily have issued a
new binary very publically and without saying what they had fixed.
> - it is fixed in 2.5 (by using fchown, not chown, both versions of ps)
So why didnt you tell people instead of negligently leaving them exposed
> - it only affects people that either:
> - use tmpfs (default) and don't modifiy it +t themselves
> - or us a filesystem for /tmp and didn't do a +t as well.
Otherwise known as the majority of people who are less technically clued up.
Vendors need to improve their methods.
Alan
