On Wednesday, 2001-07-25 at 19:24:29 +0900, SeungHyun Seo wrote:
> It still seems to be affected under 3.5beta9 (including this version).
> Someone said it's not the problem of exploitable vulnerability about 8 months ago,
> but it's possible to exploit though situation is difficult.
> Following code and some procedure comments demonstrate it.
> Possible to get kmem privilege in the XXXXBSD which is still not patched,
> possible to get root privilege in Solaris.

Top does not need to be SUID root in Solaris, either. The default
install uses this mode (clipped from the Makefile generated on
Solaris 8 x86):

    MODE = 2711
    GROUP = sys

Both /dev/mem and /dev/kmem are

    crw-r----- 1 root sys 13, 1 Dec 3 2000 /dev/kmem
    crw-r----- 1 root sys 13, 0 Dec 3 2000 /dev/mem

Lupe Christoph
--
| [EMAIL PROTECTED] | http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a |
| Bat-Leth contest on the holodeck. They will not concern us again. |
| http://public.logica.com/~stepneys/joke/klingon.htm |