Randy Mikesell
DMCO Mid-Tier ISSO
rmikesel@rmikesel.ogden.disa.mil
801-777-3282 ext. 3203 DSN 777
On 13-Jan-98 MATTHEW POTTER wrote:
> Hi,
>
> This affects 2.3, 2.4, 2.5, 2.5.1, and 2.6 SPARC and x86 (NOT JUST
> 2.5(1) and 2.6 SPARC): any user can fill /var (stopping local logging,
> causing all kinds of problems, etc.) or put a rogue package in
> /var/spool/pkg; then the admin unsuspectingly just does a pkgadd and
> doesn't verify his or her packages. This can lead to root compromise. I
> think this bug is widely known. Run ASET (SUNWast) at the highest
> level; this is good procedure for any Solaris box before it goes on a
> network, as well as running fixmodes. ASET helps keep permissions from
> drifting to a lower privilege level (it seems in Solaris, if you don't run
> any type of permission-changing program, permissions seem to get progressively
> worse over time). As well as patching 2.5.1 and prior for the
> /usr/lib/newsyslog bug (the script sets modes 666 after rotating the
> logs! prior to 2.6), so when cron rotates logs the new logs get set
> up properly! It's weird Sun has let this go this long; maybe it's a
> compatibility issue(?), though mine are strict and I have had no
> problems with the permissions.
>
> Regards,
>
> Matthew R. Potter
>
>
>______________________________ Reply Separator _________________________________
>Subject: CPSN 9:971208: Solaris /var Permission Problems
>Author: CPIO Advisory Role Account <advisory@CORINNE.CPIO.ORG> at Internet
>Date: 1/12/98 3:56 PM
>
>
> **************** CPIO Security Notice ****************
> Issue Number 9: 971208
> Topic: Solaris /var Permission problems
> Platforms: Solaris 2.5.1, 2.6 / SPARC; possibly 2.5.
> Severity: Common Sense Caution
> **** http://www.darpanet.net ****
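An added example, not from Matthew Potter's message or the CPIO notice: a POSIX sh audit for the two conditions described above, world-writable directories without the sticky bit (a /var/spool/pkg anyone can drop a package into) and log files left at mode 666 by the old newsyslog. It builds a constructed sample tree so it runs without root and without touching the real /var; the function names and sample paths are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the thread's own code): audit a /var-style tree for
# world-writable directories and group/world-writable log files.
# Usage: sh audit_var.sh /var   (or call the functions on any directory)

# Print world-writable directories that lack the sticky bit: anyone can
# create, rename or delete entries there (e.g. a rogue package in spool/pkg).
world_writable_dirs() {
    find "$1" -type d -perm -002 ! -perm -1000 -print 2>/dev/null | sort
}

# Print regular files that are group- or world-writable, e.g. logs that
# newsyslog rotated and left at 666.
loose_files() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print 2>/dev/null | sort
}

# Build a small constructed tree that mimics the problem (assumed layout).
make_sample_tree() {
    umask 022
    root=$(mktemp -d) || return 1
    mkdir -p "$root/spool/pkg" "$root/tmp" "$root/adm"
    chmod 755 "$root/spool" "$root/adm"
    chmod 777 "$root/spool/pkg"      # package drop-box open to everyone (bad)
    chmod 1777 "$root/tmp"           # world-writable but sticky (acceptable)
    : > "$root/adm/messages"; chmod 666 "$root/adm/messages"   # newsyslog-style (bad)
    : > "$root/adm/sulog";    chmod 600 "$root/adm/sulog"      # fine
    printf '%s\n' "$root"
}

# Total number of findings, the value a cron job would alert on.
finding_count() {
    n1=$(world_writable_dirs "$1" | wc -l | tr -d ' ')
    n2=$(loose_files "$1" | wc -l | tr -d ' ')
    echo $((n1 + n2))
}

if [ -n "$1" ]; then
    echo "World-writable, non-sticky directories under $1:"; world_writable_dirs "$1"
    echo "Group/world-writable files under $1:"; loose_files "$1"
    echo "Findings: $(finding_count "$1")"
fi
```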