In reference to a problem I had some time back, it was discovered that my
solution potentially caused a larger problem than I solved. Here is my
original solution post:
I realize it took a long time, but the solution to my problem concerning
floppy drives locking users out has been solved. The original problem was
that, in our academic labs, several users would mount floppy disks on a
Sparcstation 1 floppy drive during the day. The system would sometimes
report a 'Device Busy' error for, apparently, no good reason. /etc/mtab
showed no trace of the drive being mounted, and 'fuser' reported similar
The clue came from Todd Antonson (firstname.lastname@example.org) who suggested that
'selection_svc' might be my culprit. In fact, I killed 'selection_svc' and
attempted to mount another floppy, but with the same results. It always
took a reboot to cure the problem. As it turns out, Todd was correct in
that 'selection_svc' was the problem. If the user who fired up
'selection_svc' also was the one whose disk fouled up, then no one else
could use the drive until the next reboot, even if 'selection_svc' was
killed and restarted!
My solution was to make 'root' own the 'selection_svc' process by running it
explicitly in '/etc/rc.local' at boot time with the statement
You MUST explicitly put it in the background or the system locks up
(I found out the hard way!!!). This way, no one user (other than root) can
foul the drive up (at least in this situation).
Thanks to all who have replied to my pleas for help over the last few months
(too many to name here; you know who you are!). And also thanks to the
administrators of 'sun_managers' for having the patience and disk space
necessary for such an endeavor.
Thanks to the efforts of several concerned people (again, too many to
mention here), I contacted my local Sun rep, Colleen Grissom. Here is the
reply I received from Sun and the REAL fix to this problem:
From: IN%"Colleen.Grissom@East.Sun.COM" 24-OCT-1991 15:58:51.71
Subj: Yes, it is a security hole!!
(network stuff edited out)
Here is the response. Let me know if I need to get the patches he
mentioned and send them to you or if you can get them from the net.
----- Begin Included Message -----
>From Brad.Powell@Corp Thu Oct 24 15:35:31 1991
Subject: Re: Security hole
I think I fixed this before CERT started posting advisories.
Also pick up patch 100184-02 which is the openwin equivalent
here is the patch info; for details look at the bug reports.
patchid bugid synopsis
100085-03 1039576 1040606 selection_svc security bug. Picks up
sun2,sun3,sun4,sun386i SunOS 4.0.3, SunOS 4.1, 4.1.1
and SunOS 4.0.2 386i
(README from patch 100085-03)
Keywords: selection_svc sunview1 security
Synopsis:SunOS 4.0.3,4.1,4.1.1:selection_svc and rpc can be used to
gain access to system files
SunOS release: 4.0.3, 4.1, sun386i 4.0.1/4.0.2
BugId's fixed with this patch: 1039576 1040606
Architectures for which this patch is available: sun2 sun3 sun3x sun4
Problem Description: selection_svc can be used to get /etc/passwd from a
machine you do not have login permissions to. This can also be used
to view user files on that machine.
Procedure to install a patched version of the selection_svc
the new version fixes the security problem described in
bug 1039576 and 1040606:
Exit SunView (if already running SunView) and kill off existing
selection_svc by sending it a SIGHUP (kill -1 <pid_of_sel-svc>)
Install the new selection_svc in /usr/bin/sunview1 (as root) for SunOS
Install the new selection_svc in /usr/bin (as root) for SunOS 4.0.3 and
For sun3 and sun4 SunOS4.1
% su root
# cp selection_svc /usr/bin/sunview1
For sun2, sun3, sun386i, and sun4 running 4.0.3 or 4.0.2
# cp selection_svc /usr/bin
Step 4. Restart SunView.
>From Colleen.Grissom@East Thu Oct 24 12:37:11 1991
>Date: Thu, 24 Oct 91 14:35:31 CDT
>Subject: Security hole
>Cc: Colleen.Grissom@East, joel@nashvl.East
>Greetings techers --
>Is there a security bug with running selection_svc as root? If so,
>what are the implications with respect to SunView? And if so, is
>a CERT advisory on this? This relates to SunOS 4.1.1.
>Colleen Grissom 301 S. Perimeter Park Drive
>TSE Sun Dixie Suite 100
> Nashville, TN 37211
>colleen.grissom@East.Sun.COM (615) 781-4266
----- End Included Message -----
Colleen Grissom 301 S. Perimeter Park Drive
TSE Sun Dixie Suite 100
Nashville, TN 37211
colleen.grissom@East.Sun.COM (615) 781-4266
Very much thanks to all who participated in this, especially Colleen.
Joel L. Seber | Dry humor is wasted around here.
SUN Workstation Laboratory Manager |
Center for Manufacturing Research | -Joel L. Seber
and Technology Utilization |
Tennessee Technological University | recursive, adj.
Cookeville, TN 38505 | See 'recursive'