[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : SunOS File/Directory Permissions

Title: SunOS File/Directory Permissions
Released by: CERT
Date: 3rd February 1993
Printable version: Click here

Hash: SHA1

- -----------------------------------------------------------------------------


Last Revision:  September 19,1997

                Attached copyright statement

                                 CERT Advisory

                               February 3, 1993

                       SunOS File/Directory Permissions

- -----------------------------------------------------------------------------

The default permissions on a number of files and directories in SunOS

4.1, 4.1.1, 4.1.2, and 4.1.3 are set incorrectly.  These problems are

relevant for the sun3, sun3x, sun4, sun4c, and sun4m architectures.

They have been fixed in SunOS 5.0.  (Note that SunOS 5.0 is the operating

system included in the Solaris 2.0 software distribution.)

An updated patch to reset these permissions is available from Sun.

CERT has seen an increasing number of attackers exploit these problems

on systems and we encourage sites to consider installing this patch.

- -----------------------------------------------------------------------------

I.   Description

     File permissions on numerous files were set incorrectly in the

     distribution tape of 4.1.x.  A typical example is that a file which

     should have been owned by "root" was set to be owned by "bin".

     Not all sites will need or want to install the patch for this problem.

     The decision of what user id should own most system files and

     directories depends on the administrative practices of the site.

     It is quite reasonable to run a system where the majority

     of files are owned by "bin" as long as the entire system is run in

     a manner consistent with that practice.  As distributed, the SunOS

     configuration expects most system files to be owned by "root".

     The fact that some are not creates security problems.

     Therefore, sites that are running the SunOS versions listed above

     as distributed should install the patch described below.

     Sites that have made an informed choice to configure their system

     differently may instead want to review the patch script and

     consider which, if any, of the changes should be made on their system.

II.  Impact

     Depending on the specific configuration of the local site,

     the default permissions may allow local users to gain "root" access.

III. Solution

     1) Sun has provided a script to reset file and directory permissions

        to their correct values.  The script is available in Sun's

        Patch #100103 version 11.  This patch can be obtained via

        local Sun Answer Centers worldwide as well as through

        anonymous FTP from the ftp.uu.net ( system

        in the /systems/sun/sun-dist directory.

              Patch ID     Filename             Checksum

              100103-11    100103-11.tar.Z      19847   6

        Please note that Sun Microsystems sometimes updates patch files.

        If you find that the checksum is different please contact

        Sun Microsystems or CERT for verification.

     2) Uncompress the file, extract the contents of the tar archive,

        and review the README file.

             % uncompress 100103-11.tar.Z

             % tar xfv 100103-11.tar

             % cat README

     3) This patch will reset the group ownership of certain files to

        either "staff" or "bin".  Make sure you have entries in

        the "/etc/group" file for these accounts.

             % grep '^staff:' /etc/group

             % grep '^bin:' /etc/group


        If you do not have both of these you will need to either add the

        missing account(s) or modify the patch script (4.1secure.sh)

        to reflect group ownerships appropriate for your site.

        (Note that the security problems are fixed by the ownerships and

        mode bits specified in the patch - not by the group ownerships.

        Therefore, changing the group ownerships does not invalidate

        the patch.)

     4) As "root", run the patch script.

              # sh 4.1secure.sh

        This patch fixes Sun BugId's 1046817, 1047044, 1048142, 1054480,

        1037153, 1039292, and 1042662.

     5) The patch script will set "/usr/kvm/crash" to mode 02700 owned

        by "root".  While this is not insecure, since only "root" can run

        the program, CERT recommends that the setgid bit be removed to

        prevent abuse if world execute permission were to be added

        some time later.


        As "root", make "/usr/kvm/crash" not a set-group-id program.

             # chmod 755 /usr/kvm/crash

- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact the CERT

Coordination Center or your representative in FIRST (Forum of Incident

Response and Security Teams).

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 (24-hour hotline)

           CERT personnel answer 7:30 a.m.-6:00 p.m. EST(GMT-5)/EDT(GMT-4),

           on call for emergencies during other hours.

CERT Coordination Center

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Past advisories, information about FIRST representatives, and other

information related to computer security are available for anonymous FTP

from cert.org (

- ------------------------------------------------------------------------------

Copyright 1993 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History:

September 19,1997  Attached Copyright Statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.