On Fri, 28 Apr 2000, Jerry Callen wrote:

> Mike Bilow wrote:
> >
> > I don't know what book you're reading, but /tmp and /var/tmp damn well
> > ought to be mode 1777 or everyone on the system can become root.
> > Especially on a Solaris machine where the exploit is well known and
> > publicly available, allowing anything other than 1777 is a recipe for
> > disaster. While we're on this subject, /tmp and /var/tmp had also better
> > be owned by root.root, or similar kinds of bad things will occur.
>
> This is all (very interesting) news to me. Can you provide a pointer
> to a description of the problem?

These are pretty ancient...

ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-95.07.Incorrect.Permissions.on.tmp.may.allow.root.access

...which is quoted in...

http://www.cert.org/ftp/cert_advisories/CA-95:09.Solaris-ps.vul

> For that matter, what sources should a sysadmin use when trying to secure
> a system? I've done a fair amount of reading about firewallS & such, but
> clearly there's STILL an awful lot I don't know. And what I don't know WILL
> hurt me.

There are numerous checklists covering the basic stuff. For example:

http://www.auscert.org.au/Information/Auscert_info/papers.html
http://www.cert.org/nav/securityimprovement.html
http://uwsg.ucs.indiana.edu/usail/tasks/security/security.html

In general, any directory which is world-writable should be "sticky."

-- Mike
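An audit for the rule stated in the message above, as an added example that is not part of the original post: it walks a tree and reports every world-writable directory that lacks the sticky bit or is not owned by the expected uid. The function names and the `expected_uid` parameter are assumptions made for this example; group ownership is not checked.

```python
import os
import stat
import sys


def check_dir(path, expected_uid=0):
    """Return the problems found for one directory (empty list means OK)."""
    st = os.lstat(path)  # lstat: never follow a symlink planted by another user
    if not stat.S_ISDIR(st.st_mode):
        return []
    mode = stat.S_IMODE(st.st_mode)
    if not mode & stat.S_IWOTH:
        return []  # not world-writable, so the sticky-bit rule does not apply
    problems = []
    if not mode & stat.S_ISVTX:
        problems.append("world-writable without sticky bit (mode %04o)" % mode)
    if st.st_uid != expected_uid:
        problems.append("world-writable but owned by uid %d" % st.st_uid)
    return problems


def audit_tree(root, expected_uid=0):
    """Map each offending directory under root (inclusive) to its problems."""
    findings = {}
    # followlinks=False keeps the walk inside the tree; unreadable
    # subdirectories are skipped silently (os.walk's default onerror).
    for dirpath, _dirs, _files in os.walk(root, followlinks=False):
        try:
            problems = check_dir(dirpath, expected_uid)
        except OSError:
            continue  # directory vanished or became unreadable mid-walk
        if problems:
            findings[dirpath] = problems
    return findings


if __name__ == "__main__":
    # Default targets are the two directories named in the message.
    targets = sys.argv[1:] or ["/tmp", "/var/tmp"]
    bad = {}
    for target in targets:
        bad.update(audit_tree(target))
    for path, problems in sorted(bad.items()):
        print(path + ": " + "; ".join(problems))
    sys.exit(1 if bad else 0)
```

Run as root to cover directories other users have made unreadable; the exit status is 1 when anything is reported, so it can gate a cron job or configuration check.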