[384] in bugtraq
Solaris ff.core and wsinfo commands.
daemon@ATHENA.MIT.EDU (Bonfield James)
Tue Dec 6 14:17:50 1994
From: Bonfield James <jkb@mrc-lmb.cam.ac.uk>
To: bugtraq@fc.net
Date: Tue, 6 Dec 94 15:55:41 WET
Hello,
I recently did a find command on Solaris 2.3:
find /usr/openwin \( -perm -02000 -o -perm -04000 \) -ls
This shows a couple programs that I'm unfamilier with - ff.core and wsinfo. I
was appalled to find that BOTH of these segmentation faulted when I ran them.
Should we consider this normal behaviour for setuid and setgid programs!? I
think not...
Neither of them have manual pages that I can find. Shouldn't we be at least
told what the setuid and setgid programs on our systems are for?
I haven't seen any _obvious_ ways that these could be dangerous for security,
but I'm naturally suspicious of any setuid/setgid program that crashes. Has
anyone got any further info on these programs?
James
