Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: finger-bombing, abuse timeoutjsz (jszramon.bgu.ac.il)
Sat, 15 Oct 94 14:38:41 IST
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: jsz: "Re: chmod 000 .rhosts - works?"
- Previous message: George Hodson: "Directory Permissions"
- In reply to: Pat Myrto: "Re: finger-bombing, abuse timeout"
- Next in thread: Jim Littlefield: "Re: finger-bombing"
> > > ObBug: The shell escape from 'crash' on SunOS... file descriptors are > > left open to /dev/kmem and /dev/mem, among other things. > > > > % crash > > dumpfile = /dev/mem, .... > > > !/bin/sh > > % strings <&9 >/tmp/out & > > % id > > .... egid=2(kmem) .... > > > > Ooops. I understated the problem. > > Yeh. Regarding fixes, I checked - the shell script available from Sun > as a patch to fix the FCS permissions does fix the permissions on crash > so only root can run it. I checked my machine, and it was not world > executable (or anything). I had run that fixit script some time ago. > It is DEFINITELY a good thing to run, and then you can follow up and > fix stuff like newsyslog (which it doesn't fix). The thing is designed > so one can add any files to a list built in, with fields for perms, > type, owner, group, the whole thing. In fact, I have been playing > catch-up and any file I alter the perms on to lock things down, I add > to the thing, so on a new install, I only need to run it. There is a > BUNCH of stuff owned by bin (/etc, /dev, most of the system subdirs) that > are changed to root by the script - a must do on a box that exports stuff > via NFS. > Same problem (with both crash(1) and improperly set permissions) exists in Solaris 1.1.1 through 5.4, but weirdly 100103-12 patch (script to change file permissions to a more secure mode) seems to be integrated into 4.1.3_U1 (Solaris 1.1.1), and is NOT listed in a list of "security patches" that I have obtained from sunsolve a week ago. I found a rather cute script to change file permissions for Solaris 2.2 & 2.3 by Casper Dik, ftpable from ftp.fwi.uva.nl:/pub/solaris, I think it can be used for Solaris 2.4 as well, since the permissions are not fixed in 2.4 release either. Regards ---