On Wednesday, 2001-07-25 at 19:24:29 +0900, SeungHyun Seo wrote:

> It still seems to be affected under 3.5beta9 (including this version)
> someone said it's not the problem of exploitable vulnerability about 8 month ago ,
> but it's possible to exploit though situation is difficult.
> following code and some procedure comments demonstrate it.

> possible to get kmem priviledge in the XXXXBSD which is still not patched,
> possible to get root priviledge in solaris .

Top does not need to be SUID root in Solaris, either. The default
install uses this mode (clipped from the Makefile generated on
Solaris 8 x86):
MODE = 2711
GROUP = sys
Both /dev/mem and /dev/kmem are
crw-r----- 1 root sys 13, 1 Dec 3 2000 /dev/kmem
crw-r----- 1 root sys 13, 0 Dec 3 2000 /dev/mem

Lupe Christoph

-- 
| lupelupe-christoph.de       |        http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a      |
| Bat-Leth contest on the holodeck. They will not concern us again.      |
| http://public.logica.com/~stepneys/joke/klingon.htm                    |

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]