
List:       bugtraq
Subject:    Re: digital unix 4.0 hole
From:       Paul Szabo <szabo_p () MATHS ! SU ! OZ ! AU>
Date:       1997-11-21 6:40:09

[I sent this to bugtraq on 17 Nov, but maybe the moderator misplaced it...]

There are currently two threads on creating root-owned core files on dUNIX
machines. Tom Leffingwell <tom@sba.miami.edu> wrote:
> setenv DISPLAY abcdefghi
> /usr/bin/X11/xterm
and John McDonald <jmcdonal@OSPREY.UNF.EDU> suggested:
> If you run dbx (tested on 3.11.10) on a setuid root program ...

To avoid the problem of core file creation, Johan Danielsson
<joda@PDC.KTH.SE> said to patch /vmunix:
> # cp /vmunix /vmunix.save
> # dbx /vmunix
> (dbx) ((unsigned*)core+82)/1 i
>   [core:5261, 0xfffffc000026ff48]       and     r1, r2, r1
> (dbx) patch *((unsigned*)core+82) = 0x203f0001
>   [core:5261, 0xfffffc000026ff48]       lda     r1, 1(r31)
> (dbx) q
> # reboot

A colleague of mine suggests that, since /sbin/rc3.d starts anything a
user's process could be a descendant of, a simpler method might be to insert
one line into /sbin/rc3:

ulimit -h -c 0

This solution seems to work for me (passed my limited testing).

Paul Szabo - System Manager   //        School of Mathematics and Statistics
psz@maths.usyd.edu.au         //   University of Sydney, NSW 2006, Australia
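An added example, not part of the original post, showing what the one-line rc3 mitigation above actually relies on: a hard core-size limit of zero is inherited by every descendant process, and a descendant cannot raise its soft limit above the hard one (setrlimit rejects that with EINVAL for every user, root included). It is written for a modern bash/dash `sh`, where the hard-limit switch is spelled `-H`; the `-h` in the post is the spelling of the dUNIX shell. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): demonstrate the effect of a
# hard core-size limit of 0 on descendant processes.

# Apply the mitigation in the current shell: hard limit on core size = 0.
# Lowering a hard limit needs no privilege, so this works in any rc script.
harden_core_limit() {
    ulimit -H -c 0
}

# Report the core limit a fresh child process sees, i.e. what a setuid
# program started from this shell would inherit.
child_core_limit() {
    sh -c 'ulimit -c'
}

# Return 0 if a child can still raise its soft core limit (mitigation
# failed), 1 if the kernel refuses (mitigation holds).  A soft limit above
# the hard limit is refused regardless of who asks.
child_can_raise_core_limit() {
    if sh -c 'ulimit -S -c 1024' 2>/dev/null; then
        return 0
    else
        return 1
    fi
}

harden_core_limit
echo "core limit seen by child: $(child_core_limit)"
if child_can_raise_core_limit; then
    echo "FAIL: a descendant process can still enable core files"
else
    echo "OK: core files stay disabled for descendants"
fi
```

One caveat worth keeping in mind: the hard limit blocks unprivileged descendants and any program that simply inherits its limits, but a process running with root privilege can raise the hard limit again, so a setuid-root program that deliberately calls setrlimit on RLIMIT_CORE is not covered by this approach.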

