[27265] in bugtraq
Re: Solaris 2.6, 7, 8
daemon@ATHENA.MIT.EDU (tb0b)
Thu Oct 3 10:52:48 2002
From: tb0b <tbob@primitive-incision.co.uk>
To: buzheng <bu_zheng@sina.com>
Date: Tue, 8 Jan 1980 03:34:22 +0000
Content-Type: text/plain
In-Reply-To: <20021002115909.E8CB.BU_ZHENG@sina.com>
MIME-Version: 1.0
Message-Id: <80010803375300.04448@localhost.localdomain>
Content-Transfer-Encoding: 8bit
On Wed, 02 Oct 2002, you wrote:
> But, the remote setting of TTYPROMPT does matter. you can not succeed in
> login without remotely changing the TTYPROMPT. This is also the bug
> mentioned in Jonathan's original letter (bid:5531).
I have heard several conflicting reports on this matter and there are at least
two published exploits for the Solaris login overflow (by mat@monkey.org and
morgan@sexter.com) that do *not* explicitly set the TTYPROMPT environment
variable.
If somone (perhaps somone from Sun) could clarify this matter once and for all
i would be most gratefull.
-tb0b
--
tb0b, Nietzschean.
No Religion. No Flag. No Phear.
http://bitterness.primitive-incision.co.uk/
------------------------------------------------
`Who said anything about cutting you up man?
I just wanted to carve a little `z' on your forehead.'
-Dr Gonzo, "Fear and Loathing in Las Vagas"
------------------------------------------------
