#170636 - 15/07/2003 08:42
Solaris privilege esaclation from the PROM monitor
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
I've managed to screw up my runtime linker configuration on my workstation.
It would be remarkably helpful if someone could remember the thing where you can escalate the privileges of a certain process from the prom so that I can delete the bogus /var/ld/ld.config file and make things work again.
If anyone can find it or remembers it, I'd be much appreciative. I don't really feel like shutting the machine down hard. (Basically I can only run statically linked binaries. I can set LD_LIBRARY_PATH back to /usr/lib, but I can't do that for any process that's suid, so I can't be root.)
In the meantime, I'm going to lunch.
_________________________
Bitt Faulk
#170637 - 15/07/2003 11:04
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 08/06/1999
Posts: 7868
|
Really wish I could help, but all I could turn up was info that this procedure is covered in some certification exam from Sun. Specifically CX-310-301, and I can't find an online study guide for it.
All my experience with Solaris is either remote to a Sun box (long ago), or on Intel platforms. My experience with Open Firmware is only on Apple machines.
#170638 - 15/07/2003 11:23
Re: Solaris privilege esaclation from the PROM monitor
[Re: wfaulk]
|
carpal tunnel
Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
|
I am not really sure what you are looking for? You mention the prom, but I assume you are not talking boot prom at this stage. Can you be a little more specific?
I understand you are trying to delete a bogus file, but cannot do it with a symbolically linked command. Can you use a copy con or other editor (your choice) to overwrite the file? Are you root now?
_________________________
Paul Grzelak 200GB with 48MB RAM, Illuminated Buttons and Digital Outputs
#170639 - 15/07/2003 11:41
Re: Solaris privilege esaclation from the PROM mon
[Re: pgrzelak]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
There is a manner in which one can find the process space of a running process, enter the OpenBoot PROM and modify the memory at that space so that you can change the ownership of the process. I may have read it in a 2600, now that I think of it.
_________________________
Bitt Faulk
#170640 - 15/07/2003 11:46
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 24/01/2002
Posts: 3937
Loc: Providence, RI
|
If anyone can find it or remembers it, I'd be much appreciative. I don't really feel like shutting the machine down hard. (Basically I can only run statically linked binaries. I can set LD_LIBRARY_PATH back to /usr/lib, but I can't do that for any process that's suid, so I can't be root.)
Move it out of the way with /usr/sbin/static/mv?
#170641 - 15/07/2003 12:09
Re: Solaris privilege esaclation from the PROM mon
[Re: Daria]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
But I'm not root.
_________________________
Bitt Faulk
#170642 - 15/07/2003 12:11
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
_________________________
Bitt Faulk
#170643 - 15/07/2003 12:15
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
|
It might be possible to modify the process ownership by changing the user ID in the /proc directory... Hmm... Thinking...
_________________________
Paul Grzelak 200GB with 48MB RAM, Illuminated Buttons and Digital Outputs
#170644 - 15/07/2003 12:15
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 15/08/2000
Posts: 4859
Loc: New Jersey, USA
|
NEAT!!! Of course, I would trigger tons of alarms if I tried that here...
Edited by pgrzelak (15/07/2003 12:21)
_________________________
Paul Grzelak 200GB with 48MB RAM, Illuminated Buttons and Digital Outputs
#170645 - 15/07/2003 12:44
Re: Solaris privilege esaclation from the PROM mon
[Re: pgrzelak]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Of course, I mistyped one character and screwed it up. Kinda like how I got to this point in the first place.
Oh, well. My ufs logging filesystems are currently grinding the crap out of my drives....
Edit: Now that my drives are done rolling back, I tried it again and it worked right. The zsh I modified even noticed and changed the prompt from `%' to `#'. Neat.
What I typed wrong was ``hex 0 300007dcba9 4 + l!''. I accidentally typed ``hex 0 300007dcba9 f + l!''. (Damn head thinking ``four'' instead of ``4''.) It told me that the alignment was invalid in some manner, so I tried again correctly, but it was already screwed by that point. A ``go'' just hung the machine. I couldn't even get back to the prom.
Edited by wfaulk (15/07/2003 12:58)
_________________________
Bitt Faulk
#170646 - 15/07/2003 12:45
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Damn. And I only just now noticed that I misspelled escalation in the thread title. I should just go home.
_________________________
Bitt Faulk
#170647 - 15/07/2003 13:04
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
|
I should just go home.
Sounds like someone's got a case of the Tuesdays.
I was having one earlier today, and that's exactly what I did. Went home, took an hour nap, and came back to work. So I'll have to stay a little later, but at least I'll be somewhat productive.
#170648 - 15/07/2003 13:21
Re: Solaris privilege esaclation from the PROM mon
[Re: tonyc]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Let's not forget the construction going on about ten feet from me, where, amongst other noisy activities, they're cutting metal studs with power saws and using gunpowder-actuated concrete nailers, which is like having .22-caliber handguns going off. Then there's the incessant beeping coming from the hardware CD copier of the guy that's not here today.
_________________________
Bitt Faulk
#170649 - 15/07/2003 14:12
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
|
We've secretly replaced Bitt with link-happy CmdrTaco of Slashdot fame. Let's see if anyone notices the difference...
#170650 - 15/07/2003 14:13
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
old hand
Registered: 15/02/2002
Posts: 1049
|
Damn is that ever cool. Makes me feel like a seriously wimpy geek, though...
#170651 - 15/07/2003 14:13
Re: Solaris privilege esaclation from the PROM mon
[Re: tonyc]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Just thank your lucky stars I didn't link ``incessant beeping''.
_________________________
Bitt Faulk
#170652 - 15/07/2003 14:20
Re: Solaris privilege esaclation from the PROM mon
[Re: tonyc]
|
Carpal Tunnel
Registered: 08/02/2002
Posts: 3411
|
That'll be easy - Just look out for a new thread appearing in the near future;
"Hacking Forth to get root on Sun machines. [Edit: Dupe]"
_________________________
Mk2a 60GB Blue. Serial 030102962
sig.mp3: File Format not Valid.
#170653 - 15/07/2003 16:08
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 24/01/2002
Posts: 3937
Loc: Providence, RI
|
So you just need a static setuid binary and it will all be fine. Too bad su isn't static, despite my best efforts on behalf of my own su. So I'll just shut up.
#170654 - 15/07/2003 16:14
Re: Solaris privilege esaclation from the PROM mon
[Re: Daria]
|
carpal tunnel
Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
|
Yeah. In their infinite wisdom, Sun decided that we didn't really need those static binaries anymore. Assholes. Pointless to make multiple partitions now, too.
_________________________
Bitt Faulk
#170655 - 15/07/2003 22:18
Re: Solaris privilege esaclation from the PROM mon
[Re: wfaulk]
|
carpal tunnel
Registered: 24/01/2002
Posts: 3937
Loc: Providence, RI
|
Yeah. In their infinite wisdom, Sun decided that we didn't really need those static binaries anymore.
Well, it's hard to build a static su that supports pam and nss (or even just nss). On the other hand, I have the cheesy setuid binary, which is trivial to make static.
But that doesn't help you.