[3009] in bugtraq
Re: bin owned system files
daemon@ATHENA.MIT.EDU (Jungseok Roh)
Thu Jul 25 18:38:03 1996
Date: Fri, 26 Jul 1996 07:03:57 -0900
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jungseok Roh <beren@cosmos.kaist.ac.kr>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <199607251820.OAA03253@solar.irs> from "Robert E. Adams" at Jul
25, 96 02:20:23 pm
> In Solaris 2.x, many of the system files
> and directories are distributed with
> the owner as "bin" and the group as
> "bin".
>
> Many security publications warn against
> "root" executables that are not owned
> by "root".
>
> Are there any known problems/bugs/etc.
> with "root" executing system binaries
> owned by "bin" as long as the "bin"
> account is disabled in /etc/passwd.
> (i.e. * for password and /bin/false
> for the shell).
>
> Thanks,
> bob
hm..Solaris 2.4 has fatal drawbacks in CORE dump.
if directory is group writable.. ex. /etc is owned by sys.
then using Setgid utilities .. we can write SOMETHIN on those directories
dumping the core .
>
> *******************************************************************
>
> Bob Adams Eastman Kodak Company
> Systems Security Engineer 1447 St. Paul Street
> Email: adams@Kodak.com Mail Code 37009
> Phone: (716) 253-5281 Rochester, NY 14653-7009
> Fax: (716) 253-5846
>
> ******************************************************************
>
