Re: Solaris 2.3 login

Evil Pete (shipley@merde.dis.org)
Fri, 12 Aug 1994 11:46:39 -0700

>From: John Tipper, Open Client/Server Group
>*** Resending note of 12/08/94 13:44
>Classification:  -- NONE --
>Subject: Core Dumps
>
>Hi,
>
>I'm new to this area, and to bugtraq, so please bear with me if this note
>is in the wrong format, or doesn't belong here.
>
>Can someone please explain what the security implications are if a
>program results in a coredump? I have discovered several programs here on
>my machines that can result in these.  How could an intruder use these to
>gain access?  What are the best ways of combatting this?
>
>Thanks,

In the case of login, if login dumps there is a chance that you can
get a "page" from the shadow password in the dump; thus if you do this
a few times you can get a copy of the shadow password file.

Also it depends on the system. An old "get root quick" method was to do
the following

	ln -s /etc/passwd ./core

then get something to dump core and it might overwrite a system file.
If your binary has a string that looks like a valid password line you
might get root.  ( this assumes the kernel core_dump function will
follow links which is not the case under current versions of BSD).


	-Pete
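The two hazards Pete describes (a core file that is really a symlink, and a core file other users can read) turned into a defender-side audit. This is an added example, not part of the thread; it assumes a POSIX sh and find, and the directory to scan is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread: audit a directory for core files that
# show the two hazards discussed above. A core that is a symlink lets a
# kernel that follows links clobber the link target; a core readable by
# others can hand out pages of whatever the process had mapped.
# Assumptions: POSIX sh and find; the scan directory is the caller's choice.

# classify_core PATH -> prints symlink | world-readable | ok | missing
classify_core() {
    if [ -L "$1" ]; then
        echo symlink                     # dangerous if the kernel follows links
    elif [ ! -e "$1" ]; then
        echo missing
    elif find "$1" -prune -perm -004 2>/dev/null | grep -q .; then
        echo world-readable              # others can read the dumped memory
    else
        echo ok
    fi
}

# audit_cores DIR -> prints "<class> <path>" for core and core.* directly in
# DIR; returns 1 if any entry is a symlink or world-readable, else 0.
audit_cores() {
    rc=0
    for f in "$1"/core "$1"/core.*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # glob matched nothing
        c=$(classify_core "$f")
        echo "$c $f"
        case $c in symlink|world-readable) rc=1 ;; esac
    done
    return $rc
}

# Mitigation reminder: a core size limit of 0 in the login environment
# stops the dump from being written at all.
core_limit() { ulimit -c; }
```

Run it as `audit_cores /some/dir`; a non-zero exit means at least one core file needs attention.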