Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: using Solaris pax to get files mode 777

Re: using Solaris pax to get files mode 777

Victor Lavrenko (lavrenkoMCST.RU)
Tue, 6 Oct 1998 14:54:32 +0400

>>>>> "Hubert" == Hubert Feyrer <feyrerRFHS8012.FH-REGENSBURG.DE> writes:

    Hubert> Hi, I've discovered a bug in Solaris 2.5 and 2.6's pax
    Hubert> (probably others) that might be exploited somehow - at

$ ls -l $(which pax)
-r-xr-xr-x   1 bin      bin        56908 Oct 25  1995 /usr/bin/pax

$ man pax
[skip]
     In read or  copy  modes,  if  intermediate  directories  are
     necessary  to  extract  an  archive member, pax will perform
     actions equivalent to the mkdir(2) function, called with the
     following arguments:

          o the intermediate directory used as the path argument

          o the octal value of 777 or rwx (read, write, and  exe-
            cute   permissions)   as   the   mode  argument  (see
            chmod(1)).
[skip]

So, pax is not root setuid and such behavior is specified in the
manual. If you are running utilities under root and don't read manuals,
your system will be full of security holes. "rm -rf /" is an example
of such an exploit. If you don't know what "rm" does, you may think that
it has security holes. But it doesn't, IMHO.

--
Victor Lavrenko
   Homepage:        http://www.lavrenko.pp.ru/
   E-mail:          lavrenkomcst.ru  lavrenkocs.msu.su
   Fingerprint:     35 D0 98 8D 96 E5 F4 BA  59 FB 9D 29 92 26 F5 59
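
Added example, not part of the original post: the man page text quoted above says intermediate directories are created as if by mkdir(2) with mode 777, and mkdir(2) masks the requested mode with the caller's umask, so this sketch shows the resulting mode under three umasks and a check for world-writable directories left in a tree. The function names are hypothetical and the sample data is constructed; what Solaris pax itself ends up creating is not shown on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Create a directory the way the quoted man page text describes, i.e.
# mkdir(2) asked for mode 0777, under the umask given in $1, and print
# the resulting permission string. Plain mkdir(1) requests 0777 as well.
mode_under_umask() {
    (
        tmp=$(mktemp -d) || exit 1     # private scratch directory
        umask "$1"
        mkdir "$tmp/d" || exit 1
        ls -ld "$tmp/d" | cut -c1-10   # permission column only
        rmdir "$tmp/d" "$tmp"
    )
}

# List directories below $1 that are world-writable without the sticky
# bit: any local user can create, rename or delete entries in them.
world_writable_dirs() {
    find "$1" -type d -perm -0002 ! -perm -1000 -print
}

# Demo on constructed input: the same mkdir request under three umasks.
for m in 000 022 077; do
    printf 'umask %s -> %s\n' "$m" "$(mode_under_umask "$m")"
done
```

Running world_writable_dirs on the target directory after unpacking an archive as root shows whether any intermediate directory was left open to all local users.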