NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2001-10

From: Rob Bartlett - CPRE EMEA (rob.bartlettSun.COM)
Date: Wed Oct 03 2001 - 11:59:13 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David Cushing said:
> I was able to reproduce this on a Solaris 8 sparc machine with
> different tolerances:
>
> [288] uname -a
> SunOS hostname 5.8 Generic_108528-08 sun4u sparc SUNW,Ultra-60
> [289] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x1083'`
> Segmentation Fault(coredump)
> [297] /usr/dt/bin/dtterm -tn `perl -e 'print "A"x2083'`
> Bus Error(coredump)

Although the above is indeed the case:

# uname -a
SunOS hostname 5.8 Generic_108528-07 sun4u sparc SUNW,Sun-Fire
# ls -l /usr/dt/bin/dtterm
-r-xr-xr-x 1 bin bin 47312 Dec 2 1999 /usr/dt/bin/dtterm
# egrep dtterm SUNWdtbas/pkgmap
1 f none dt/bin/dtterm 0555 bin bin 47312 21292 944116615
1 f none dt/config/dtterm.tc 0444 bin bin 696 54239 944111243
1 f none dt/config/dtterm.ti 0444 bin bin 1382 37571 944111243

This means that provided you have a default install, root compromise is not
possible on Solaris 8.

Regards,

Rob

-- 
Sun Microsystems CPRE-EMEA        Weave a circle round him thrice,
mailto: Rob.BartlettSun.COM        And close your eyes with holy dread,
Tel: +44 1276-455-299               For he on honey-dew hath fed,
Mobile: +44 7710-901-702          And drunk the milk of Paradise.

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]