|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
bug in /sbin/ps on sunos5.4 ?
Darren Reed (avalon
COOMBS.ANU.EDU.AU)Thu, 3 Aug 1995 01:51:17 +1000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Christian Wettergren: "Re: SECURITY HOLE: FormMail"
- Previous message: Paul Phillips: "SECURITY HOLE: FormMail"
or is it /usr/bin/ps... anyway, has anyone worked out whether or not it is possible to exploit the race condition in /bin/ps if /tmp/ps_data is missing ? ...if you want the details, just goto any system you're root on which is solris2, rm /tmp/ps_data and do "truss ps >&/tmp/foo" and look through /tmp/foo for a chown. It looks possible, but not easy. of course it is really only a problem when /tmp is rwxrwxrwx (which is pretty common with /tmp mounting from swapfs and no chmod in any /etc/rc scripts). the fix is to chmod +t /tmp and put that in the rc script which mounts /tmp (after /tmp is mounted) and make sure root owns /tmp/ps_data :) darren
- Next message: Christian Wettergren: "Re: SECURITY HOLE: FormMail"
- Previous message: Paul Phillips: "SECURITY HOLE: FormMail"