Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: elliptic (ellipticCIPHERPUNKS.COM)
Date: Wed Apr 18 2001 - 03:49:14 CDT
> Yes. It is possible that local user can get the part of shadow file in
> Solaris 2.6 since the core file is world readable.
I've tested this default installations of both 2.7 and 2.8, Sparc platform.
The first test was conducted on 2.7, and resulted in a core file being
generated in the $HOME directory of my user. The file, however, was created
with permissions 0600, root:root owned.
The second test was 2.8 under similar circumstances. Again, a core file was
generated. This time, in the root (/) directory. Same permissions as
The test was conducted via the local system, telnetting to the ftp daemon
Therefore, it is safe to say these revisions are not vulnerable, as default
permissions do not permit group or public read access.