cpio.09.97-12-08.solaris_var
ce2b9995b3fe14cc2b2dd519cbb66a02db2ca71bb43f4ca514c56f1b68c697c5
**************** CPIO Security Notice ****************
Issue Number 9: 971208
Topic: Solaris /var Permission problems
Platforms: Solaris 2.5.1, 2.6 / SPARC; possibly 2.5.
**** Solaris /var permission problems ****
Both Solaris 2.5.1 and Solaris 2.6 leave remarkably exploitable
permissions on files and directories in /var after a default
install. After patch installs, many of these highly insecure
permissions still exist. Others may have noticed this behaviour,
but no one at CPIO has yet seen it summarized or published.
Careful examination of both operating systems (OK, running find(1)
:) ) on sun4c, sun4m, and sun4u platforms yielded the following
results. Solaris for x86 platforms may be similarly affected. After
checking all machines with the same set of commands, we have found
the following permission problems with these files:
Solaris 2.5.1:
/var/adm/vold.log (mode 666, root:root)
/var/adm/spellhist (mode 666, bin:bin)
/var/adm/messages (mode 666, root:other) NOTE: this is the
first set of permissions on this
file. newsyslog fixes this during t
he archive process.
/var/adm/log/asppp.log (mode 666, root:root)
/var/news (directory, mode 777, bin:bin)
/var/log/syslog (mode 666, root:other) On initial install,
this is 664, but when rolled over,
becomes 666. Patch 104613 fixes this.
/var/log/sysidconf.log (mode 777, root:other)
/var/sadm/install/.pkg.lock (mode 666, root:root)
/var/spool/lp/fifos/FIFO (mode 666, lp:lp)
/var/lp/logs/lpsched (mode 666, root:root)
/var/lp/logs/lpNet (mode 666, root:root)
/var/preserve (directory, mode 777, bin:bin)
/var/spool/pkg (directory, mode 777, bin:bin)
Solaris 2.6:
/var/adm/vold.log (mode 666, root:root)
/var/adm/spellhist (mode 666, bin:bin)
/var/log/sysidconf.log (mode 777, root:other)
/var/saf/_log (mode 666, root:root)
/var/dmi/db/1l.comp (mode 666, root:root)
/var/dmi/db/1l.tbl (mode 666, root:root)
/var/snmp/snmpdx.st (mode 666, root:root)
/var/snmp/snmpdx.st.old (mode 666, root:root)
PATCHES AND FIXES
Some patches fix some problems-- patch 104613 fixes the
/var/log/syslog problem on 2.5.1.
In addition, Casper Dik has a program called "fix-modes" which is
available from ftp://ftp.wins.uva.nl/pub/solaris/
This fixes many of the descrepancies detailed here.
CREDITS
Contributed by CPIO. Jonathan Katz compiled the final bad permissions
lists.
The CPIO Team <consulting@cpio.org>
Jonathan Katz <jkatz@cpio.org>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed