Vulners
Lucene search
solaris.5.7.mount.suid.txt
`Date: Mon, 10 May 1999 09:14:12 +0200
From: Jonas Stahre <[email protected]>
To: [email protected]
Subject: SunOS 5.7 rmmount, no nosuid.
The man-page for rmmount under SunOS 5.7 says:
File systems mounted by rmmount are always mounted with the
nosuid flag set, thereby disabling set-uid programs and
access to block or character devices in that file system.
...this is unfortunately wrong.
All you have to do to get root-privileges is to insert a floppy/cdrom with
a setuid shell and a volcheck and an evil grin later you have a root
prompt.
There is a workaround that fix the problem, just add these lines to your
/etc/rmmount.conf:
mount hsfs -o nosuid
mount ufs -o nosuid
(I've also heard that using a SunOS 5.6 rmmount binary would fix the
problem, but I haven't tried it myself.)
I have only tested this on Ultra5 with floppies on SunOS 5.7, but I am
pretty sure it works on all SunOS 5.7 machines (with floppy and/or cdrom).
/Jonas Stahre
PS. Yes, I've talked to Sun about this some time ago. So I have gone
through the proper channels.
PPS. My signature says "/bin/sh" NOT "/bin/bash", ok?
#!/bin/sh -- # set i=echo;set I='u[Cu[Cu[C';set l="tr u \033";$L .-.
clear;cat $0;cat $0|sed '/D/d;s/L.*$/l/;s/.*# //;s/1/;71H/g'|csh -f;[ V ]
# while 2;$i "u[31/$I\u[21 $I "|$l;$i "u[31 $I u[21_${I}_"|$L (( ))
# end;$i "u[31 $I u[21\$I/"|$l;$i "u[21_${I}_"|$L [email protected] ^ ^
--------------------------------------------------------------------------------
Date: Mon, 10 May 1999 16:20:41 -0500
From: C.J. Oster <[email protected]>
To: [email protected]
Subject: Re: SunOS 5.7 rmmount, no nosuid.
On Mon, 10 May 1999, Jonas Stahre wrote:
>There is a workaround that fix the problem, just add these lines to your
>/etc/rmmount.conf:
>
>mount hsfs -o nosuid
>mount ufs -o nosuid
In testing, I found this workaround to be ineffective. What is required
is the folowing...
mount floppy* -o nosuid
mount cdrom* -o nosuid
PS Tested on an Ultra10 with a floppy.
-CJO-
C.J. Oster (Linux Guru/Surge Addict)
------------------------------------------------------------------
| [email protected] | 910 S. 3rd St, #1218 | CCSO, WSG, UIUC |
| [email protected] | Champaign, IL 61820 | 1443 DCL, Urbana |
| ---------------------------------------------------------------|
| PGP: 87D5 4216 43A1 42D6 754D 8F5E 24B3 992A B7A1 F556 |
------------------------------------------------------------------
(580)761-6393 (217)328-8934
"Linux, for people with an IQ above 98" - Bumper Sticker
"Hm, a little big for a cup holder... Why does it say '4x' on it?"
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4