Re: Solaris problems?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Bill Heiser: "Re: -froot??? (AIX rlogin bug)"
• Previous message: Steve Davis: "Re: Solaris problems?"
• In reply to: James W. Abendschan: "Solaris problems?"
• Next in thread: Anthony J. Lill: "Re: Solaris problems?"

>Three solaris-related things I'd like to ask the list-- and if
>you know, and are willing to share this info (key point here), please
>speak up.
>
>1) /var/mail is world writable, but has a sticky bit to prevent
>   people from removing other people's mailboxes.  Still, I
>   can create mailboxes for users who don't have them (like smtp) ..
>   will this pose a problem in the future?

This is less of a problem in Solaris 2.x than in SunoS 4.1.x.
The mail delivery agent isn't set-uid root.

Nevertheless, we create mailboxes for every user *and* make
sure the mailreaders don't delete them.

>   I know that if sendmail had some sort of support for v7 
>   forwarding capabilties (ie; /var/mail/smtp contains
>   Forward to |/tmp/foosh, then mail to smtp runs /tmp/foosh
>   as uid smtp, which just happens to be 0 on our systems)
>   this would be an easy exploit.. but apparently sendmail
>   8.6.9 doesn't hold to those kind of conventions (thank gods)

This is not supported in SunOS 5.x.  SunOS 5.x uses sendmail and
not some otehr delivery mechanism.

>2) it was recently pointed out to me that /dev/tcp and /dev/ip
>   were mode 666; could this be a problem?  I thought maybe
>   you could dump crap into them and it would possibly hose
>   something.. or worse, you could just cat 'em and look
>   at traffic.  While both of these are probabally unlikely,
>   does anyone know for certain?  And is it safe to chmod 600
>   these?

/dev/tcp and /dev/ip and /dev/udp *must* all be mode 666.
These are clone devices (11 as devmajor) and are used to
create connection end points.

socket(AF_INET,SOCK_STREAM,IPPROTO_TCP) roughly translates to
``open("/dev/tcp",O_RDWR) ; ....''

Changing the mode on /dev/tcp, /dev/ip and /dev/udp is a quick way
of crippling your system (non-root can no longer use any form
of IP communication)

>3) is solaris openwin code secure?  (yes or no, and if no, why..
>   for those of us who just like to say things like "perhaps.")


What exactly do you mean by that?  It seems that the server is reasonably
secure (it even logs connection failures and will always use atleast
magic cookie security).  The DPS extension doesn't allow (unless
overriden) file system operations.  Xterm is not set-uid root.

If there's one big problem with Solaris, it's the file system
modes (like 775 /etc and otehr directories/files),

Casper

• Next message: Bill Heiser: "Re: -froot??? (AIX rlogin bug)"
• Previous message: Steve Davis: "Re: Solaris problems?"
• In reply to: James W. Abendschan: "Solaris problems?"
• Next in thread: Anthony J. Lill: "Re: Solaris problems?"