Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_3

Bugtraq archives for 3rd quarter (Jul-Aug) 1995: Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

Darren Reed (avaloncoombs.anu.edu.au)
Tue, 15 Aug 1995 21:16:07 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Paul Phillips: "cgi-bin security"
Previous message: Wolfgang Ley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
In reply to: Scott Chasin: "BUGTRAQ ALERT: Solaris 2.x vulnerability"
Next in thread: Wolfgang Ley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"

In some mail from Scott Chasin, sie said:
[...]
>          The following is a bootup script should be added to ensure that
>          the sticky bit stays.
>
>          This file should be called /etc/rc3.d/S79tmpfix
[...]

If you look closely at the rc scripts, you'll notice that S05RMTMPFILES
is meant to do all this.

Obviously, it doesn't.

This script file is disfunctional, as far as I can tell.  It doesn't
even do what it says, mostly it relies on tmpfs being used.

I had a play with it today and came up with the following script.
For those wondering about the /bin/rm -rf's, I tested it today on
Solaris2.4 and it worked as desired.

darren
-------------------------------------------------------------------
#ident  "(#) RMTMPFILES 1.13   93/09/01 SMI"   /* SVr4.0 1.1.4.2       */
#       Clean up temporary files.

set `/usr/bin/who -r`
if [ $9 != "S" -a $9 != "1" ]
then
        exit
fi

#  Traditional SunOS 4.x behavior has been to not remove directories in
#  the /tmp directory; only simple files were removed. This lead to an
#  inconsistancy when the tmpfs file system was used (which isn't persistant
#  across boots. The following adopts the traditional System V behavior
#  of removing everything in /tmp.

#  clean up /tmp
#  if /tmp or any of its subdirectories are mount points do not remove /tmp
/usr/bin/rm -rf /tmp/.* /tmp/*
/usr/bin/chmod 1777 /tmp
/usr/bin/chgrp sys /tmp
/usr/bin/chown sys /tmp

# Clean up /etc directory
# The file /etc/rem_name_to_major is not valid across boots
# so must be removed.

if [ -f /etc/rem_name_to_major ]
then
        /usr/bin/rm -f /etc/rem_name_to_major
fi

#  Traditional SunOS 4.x behavior has been to not alter the contents of
#  /var/tmp (/usr/tmp) at boot time. This behavior is maintained as the
#  current default behavior. It the traditional System V behavior of
#  removing everything in /var/tmp is desired, remove the following
#  'exit'.

exit

#  clean up /var/tmp
#       if /var/tmp or any of its subdirectories
#       is a mount point do not remove it.

M=`/sbin/mount | /usr/bin/egrep '^/var/tmp(/| )' | /usr/bin/wc -l`
if [ $M -eq 0 ]
then
        cd /var/tmp || exit 0

        # We carefully remove all files except the Ex* files (editor
        # temporary files), which expreserve will process later (in
        # S80PRESERVE).  Of course, it would be simpler to just run
        # expreserve before this script, but that doesn't work --
        # expreserve requires the name service, which is not available
        # until much later.

        /usr/bin/ls -a | /usr/bin/egrep -v '^(Ex.*|\.|\.\.)$' |
                /usr/bin/xargs /usr/bin/rm -rf --
fi

Next message: Paul Phillips: "cgi-bin security"
Previous message: Wolfgang Ley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"
In reply to: Scott Chasin: "BUGTRAQ ALERT: Solaris 2.x vulnerability"
Next in thread: Wolfgang Ley: "Re: BUGTRAQ ALERT: Solaris 2.x vulnerability"