Re: Beer & talk at Usenix Security Symposium

Alexander L. Haiut (alx@CS.bgu.ac.il)
Sat, 3 Jun 1995 03:10:43 +0200 (GMT+0200)

> Obbug: I have noticed this on SunOS 4.1.3 running X11R5 and
> motif 1.2.3. Anyone can get limited (possibly more) access to the
> system if:
>  - There is a ".xsession" file that is world readable in the root "/"
>    directory (i.e. 644 as usual)
>  - The sync account is left with the default passwd entry of
>    "sync::5:1:/:/bin/csh" (i.e. which is the Sun install default)

	If my memory serves me well, the SunOS 4.1.x default passwd
	entry for sync is: "sync::1:1::/:/bin/sync". Am I wrong?

	Sure, this should be fixed because of the things you show and the
	LD_LIBRARY_PATH bug. The .xsession exploit is fine, but I've never
	seen a .xsession file in the root directory... :)

			Thanks!			--alex.


--

Alexander L. Haiut					       +971-7-461658
Math & CS System group		                            alx@cs.bgu.ac.il
Ben-Gurion University, Israel                  http://www.cs.bgu.ac.il/~alx/
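The point both posters are circling is the empty second field in the sync entry: with no password hash, login(1) asks for nothing, so the only thing standing between a stranger and a shell is the seventh field. The following is an added example, not code from either poster or from Sun: a small passwd(5) audit that lists every passwordless account and says whether its login shell is interactive. The passwd entries are constructed for the example (the two sync lines mirror the shapes discussed above; the hashes and the "alx" entry are made up), and the list of non-interactive shells is an assumption to extend for your own system.

```shell
#!/bin/sh
# Added example (not from the original thread): audit passwd(5)-style entries for
# accounts that log in without a password (empty second field) and report whether
# the login shell gives an interactive session. SAMPLE_PASSWD is constructed for
# this example; it is not a real SunOS passwd file.

SAMPLE_PASSWD='root:Xy9kQ2mLp.3sA:0:1:Operator:/:/bin/csh
sync::1:1::/:/bin/sync
bin:*:3:3::/bin:
daemon:*:1:1::/:
sync::5:1:sync:/:/bin/csh
alx:Npge08pfz4wuk:1001:10:Alex:/home/alx:/bin/csh'

# Print one line per passwordless account: name, uid, shell, interactive=yes/no.
# /bin/sync runs sync(2) and exits, and /bin/false and /sbin/nologin refuse the
# session; anything else, including an empty shell field (which login treats as
# /bin/sh), hands the caller a shell. Extend the list for your own system.
passwordless_accounts() {
    printf '%s\n' "$1" | awk -F: '
        NF >= 7 && $2 == "" {
            shell = ($7 == "") ? "/bin/sh" : $7
            noshell = (shell == "/bin/sync" || shell == "/bin/false" || shell == "/sbin/nologin")
            printf "%s uid=%s shell=%s interactive=%s\n", $1, $3, shell, (noshell ? "no" : "yes")
        }'
}

# Count only the dangerous cases: no password AND an interactive shell.
count_passwordless_interactive() {
    passwordless_accounts "$1" | awk '$4 == "interactive=yes" { n++ } END { print n + 0 }'
}

# On a live SunOS box you would feed it the real file:
#   passwordless_accounts "$(cat /etc/passwd)"
passwordless_accounts "$SAMPLE_PASSWD"
```

Run against the sample, the entry with /bin/sync is reported but marked non-interactive, while the /bin/csh variant is the one that needs a password or a "*" in the second field before the box is safe to put on a network.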