Re: BUGTRAQ ALERT: Solaris 2.x vulnerability

[ley () cert dfn de (Wolfgang Ley)]

-----BEGIN PGP SIGNED MESSAGE-----

Darren Reed wrote:
> In some mail from Scott Chasin, sie said:
> [...]
> >          The following is a bootup script should be added to ensure that
> >          the sticky bit stays.
> >
> >          This file should be called /etc/rc3.d/S79tmpfix
> [...]
>
> If you look closely at the rc scripts, you'll notice that S05RMTMPFILES
> is meant to do all this.
>
> Obviously, it doesn't.
>
> This script file is disfunctional, as far as I can tell.  It doesn't
> even do what it says, mostly it relies on tmpfs being used.

The problem with the script is, that is only clears (and chmod()'s)
/tmp if it is not a mount point. So if you don't have /tmp on your root
partition it won't work...
The problem line:

  M=`/sbin/mount | /usr/bin/egrep '^/tmp(/| )' | /usr/bin/wc -l`
  if [ $M -eq 0 ]
  ...

If you do have /tmp on a separate partition nothing will be done.

Bye,
  Wolfgang.
- --
- ----------------------------------------------------------------------
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg,    Germany
Email: ley () cert dfn de   Phone: +49 40 54715-262 Fax: +49 40 54715-241
PGP-Key available via finger ley () ftp cert dfn de any key-server or via
WWW from http://www.cert.dfn.de/~ley/               ...have a nice day

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMDCxAAQmfXmOCknRAQGBnAQAqsF8czzosG14GVpx4VtL2owAdjiruoYx
9u/bvKeAJ9yJzbHRBpzISN+rh1KYDYbJCNwmBnSU7YzvzwCDQHF9GYfEQwfTFMZ4
QGVJyjhyK0Rk32xc8nifmsp3OHHmEg3KRUFIjttRSAshXJdVaEgROsaHDBQm3xNS
38O+wGzdTnw=
=iSYV
-----END PGP SIGNATURE-----