Re: finger-bombing, abuse timeout
Pat Myrto (rwing!pat@ole.cdac.com)
Fri, 14 Oct 94 7:05:33 PDT
"In the previous message, Charles Howes said..."
>
>
> ObBug: The shell escape from 'crash' on SunOS... file descriptors are
> left open to /dev/kmem and /dev/mem, among other things.
>
> % crash
> dumpfile = /dev/mem, ....
> > !/bin/sh
> % strings <&9 >/tmp/out &
> % id
> .... egid=2(kmem) ....
>
> Ooops. I understated the problem.
Yeh. Regarding fixes, I checked - the shell script available from Sun
as a patch to fix the FCS permissions does fix the permissions on crash
so only root can run it. I checked my machine, and it was not world
executable (or anything). I had run that fixit script some time ago.
It is DEFINITELY a good thing to run, and then you can follow up and
fix stuff like newsyslog (which it doesn't fix). The thing is designed
so one can add any files to a list built in, with fields for perms,
type, owner, group, the whole thing. In fact, I have been playing
catch-up and any file I alter the perms on to lock things down, I add
to the thing, so on a new install, I only need to run it. There is a
BUNCH of stuff owned by bin (/etc, /dev, most of the system subdirs) that
are changed to root by the script - a must do on a box that exports stuff
via NFS.
It handles files that don't happen to be there (like one did not install
all the options) gracefully and silently. I forget the patch number, but
its a real low one, and I feel is a 'must have' - or at least something
like it.
--
pat@rwing [If all fails, try: rwing!pat@eskimo.com] Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence." -- Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.