Unable to su on firewall

From: Daniel Bergman (d-b@home.se)
Date: 04/16/03

    Date: Wed, 16 Apr 2003 18:55:45 +0200
    From: Daniel Bergman <d-b@home.se>
    To: focus-sun@securityfocus.com
    
    

    Hi,

    I'm having huge problems switching user, using the su utility, to a user named 'daniel' on my Solaris 8 x86 server.
    I've attached the full output of truss - but here are the lines that are really bugging me:

    # truss -f su - daniel
    739: execve("/usr/bin/su", 0x08047DD0, 0x08047DE0) argc = 3
    739: xstat(2, "/usr/bin/su", 0x08047B64) = 0
    739: open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
    739: sysconfig(_CONFIG_PAGESIZE) = 4096
    739: open("/usr/lib/libcrypt_i.so.1", O_RDONLY) = 3
    739: fxstat(2, 3, 0x0804757C) = 0
    739: mmap(0x00000000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFBB0000
    739: mmap(0x00000000, 77824, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFB90000

    |
    z A huge number of lines have been removed. See the full output below.
    |

    739: time() = 1050509282
    739: getpid() = 739 [738]
    739: putmsg(3, 0x08046154, 0x08046148, 0) = 0
    739: open("/var/run/syslog_door", O_RDONLY) = 4
    739: door_info(4, 0x080460E4) = 0
    739: getpid() = 739 [738]
    739: door_call(4, 0x080460CC) = 0
    739: close(4) = 0
    739: setuid(3333) = 0
    739: chdir("/tmp") Err#13 EACCES <-- Really strange, see below for /tmp listing.
    No directory!
    739: write(2, " N o d i r e c t o r y".., 14) = 14
    739: mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xDFA50000
    739: munmap(0xDFA50000, 4096) = 0
    739: llseek(0, 0, SEEK_CUR) = 36065
    739: _exit(1)

    I'm unable to dig further down into Solaris so I need your help. Why would chdir("/tmp"); fail?
    Please let me know if you have the slightest clue about what's causing this. Also, let me know if I can give you more information about the "error".

    Regards,
    Daniel Bergman
    d-b@home.se

    ==========================================
    *
    * ATTACHED OUTPUT FROM SEVERAL USEFUL CMDS
    *
    ==========================================

       # cat /etc/release
                            Solaris 8 1/01 s28x_u3wos_08 INTEL
               Copyright 2000 Sun Microsystems, Inc. All Rights Reserved.
                                     Assembled 28 November 2000
       # uname -a
       SunOS screen 5.8 Generic_108529-05 i86pc i386 i86pc

       # ls -lda /tmp
       drwxrwxrwt 2 root root 143 Apr 16 02:01 /tmp

       # ls -la /etc/passwd /etc/shadow /etc/group
       -rw-r--r-- 1 root root 146 Apr 16 18:07 /etc/group
       -r--r--r-- 1 sys sys 274 Apr 15 22:16 /etc/passwd
       -r-------- 1 root root 191 Apr 15 21:37 /etc/shadow

       # egrep daniel /etc/passwd /etc/shadow /etc/group
       /etc/passwd:daniel:x:3333:3333:Daniel B:/tmp:/bin/sh
       /etc/shadow:daniel:c2ADsIEyEPqYw:12157::::::
       /etc/group:daniel::3333:

       # ps -ef
          UID PID PPID C STIME TTY TIME CMD
          root 0 0 0 Apr 14 ? 0:04 sched
          root 1 0 1 Apr 14 ? 0:06 /etc/init -
          root 2 0 0 Apr 14 ? 0:01 pageout
          root 3 0 0 Apr 14 ? 6:33 fsflush
          root 141 1 0 Apr 14 ? 0:00 /usr/lib/saf/sac -t 300
          root 144 141 0 Apr 14 ? 0:01 /usr/lib/saf/ttymon
          root 111 1 6 Apr 14 ? 3:01 ipmon -Dsn
          root 41 1 0 Apr 14 ? 0:00 /usr/lib/sysevent/syseventd
          root 135 1 0 Apr 14 ? 0:00 /usr/sbin/auditd
          root 755 752 2 18:19:48 pts/1 0:00 ps -ef
          root 126 1 0 Apr 14 ? 0:00 /usr/lib/utmpd
          root 121 1 1 Apr 14 ? 10:13 /usr/sbin/syslogd
          root 123 1 0 Apr 14 ? 0:00 /usr/sbin/cron
          root 749 422 3 18:19:11 ? 0:02 /usr/local/sbin/sshd
          root 753 1 2 18:19:41 console 0:01 /usr/lib/saf/ttymon -g -h -p screen console login: -T sun-color -d /dev/consol
          root 752 749 1 18:19:24 pts/1 0:01 ksh -o emacs
          root 422 1 0 21:31:00 ? 0:00 /usr/local/sbin/sshd

       # df -k
       Filesystem kbytes used avail capacity Mounted on
       /dev/dsk/c0d0s0 957135 589649 310058 66% /
       /dev/dsk/c0d0p0:boot 11984 1162 10822 10% /boot
       /proc 0 0 0 0% /proc
       fd 0 0 0 0% /dev/fd
       mnttab 0 0 0 0% /etc/mnttab
       swap 197544 4 197540 1% /var/run
       swap 102400 32 102368 1% /tmp

       # pkginfo
       application SMCbash bash
       application SMCgzip gzip
       application SMClibgcc libgcc
       application SMCossh openssh
       application SMCossl openssl
       application SMCtcpdwr tcp_wrappers
       application SMCzlib zlib
       system SUNWaccr System Accounting, (Root)
       system SUNWaccu System Accounting, (Usr)
       system SUNWcar Core Architecture, (Root)
       system SUNWcsd Core Solaris Devices
       system SUNWcsl Core Solaris, (Shared Libs)
       system SUNWcsr Core Solaris, (Root)
       system SUNWcsu Core Solaris, (Usr)
       system SUNWesu Extended System Utilities
       system SUNWkvm Core Architecture, (Kvm)
       system SUNWlibC Sun Workshop Compilers Bundled libC
       system SUNWlibms Sun WorkShop Bundled shared libm
       system SUNWloc System Localization
       system SUNWos86r Platform Support, OS Functionality (Root)
       system SUNWos86u Platform Support, OS Functionality (Usr)
       system SUNWpsdcr Platform Support, Bus-independent Device Drivers (Root)
       system SUNWpsdir Platform Support, ISA Bus Device Drivers, (Root)
       system SUNWrmodr Realmode Modules, (Root)
       system SUNWrmodu Realmode Modules, (Usr)
       system SUNWsprot Solaris Bundled tools
       system SUNWswmt Install and Patch Utilities
       system SUNWtoo Programming Tools
       system elbc 3Com EtherLink 10/100 single/dual port PCI NIC
       system ipf IP Filter

       # eeprom
       auto-boot?=true
       auto-boot-cfg-num=-1
       auto-boot-timeout=5
       boottimeout=0
       bshfirst=false
       output-device=screen
       input-device=keyboard
       boot-file=kernel/unix
       kbd-type=Swedish
       target-driver-for-scsi=sd
       target-driver-for-direct=cmdk
       target-driver-for-csa=cmdk
       target-driver-for-dsa=cmdk
       target-driver-for-smartii=cmdk
       pciide=true
       net-config-strategy=rarp
       prealloc-chunk-size=0x2000
       ata-dma-enabled=0
       kbd-wkeys=true
       probed-arch-name=i86pc
       probed-compatible=i86pc
       bootpath=/isa/ata@1,1f0/cmdk@0,0:a

       # env && set
       _=/usr/bin/env
       SSH_TTY=/dev/pts/1
       PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin
       LOGNAME=root
       MAIL=/var/mail//root
       USER=root
       SHELL=/sbin/sh
       HOME=/root
       SSH_CONNECTION=been removed
       SSH_CLIENT=been removed
       TERM=xterm
       PWD=/root
       TZ=MET
       ERRNO=0
       FCEDIT=/bin/ed
       HOME=/root
       IFS='
       '
       LINENO=1
       LOGNAME=root
       MAIL=/var/mail//root
       MAILCHECK=600
       OPTIND=1
       PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin
       PPID=749
       PS1='# '
       PS2='> '
       PS3='#? '
       PS4='+ '
       PWD=/root
       RANDOM=21052
       SECONDS=310
       SHELL=/sbin/sh
       SSH_CLIENT='been removed'
       SSH_CONNECTION='been removed'
       SSH_TTY=/dev/pts/1
       TERM=xterm
       TMOUT=0
       TZ=MET
       USER=root
       _=eeprom

       # truss -f su - daniel
       739: execve("/usr/bin/su", 0x08047DD0, 0x08047DE0) argc = 3
       739: xstat(2, "/usr/bin/su", 0x08047B64) = 0
       739: open("/var/ld/ld.config", O_RDONLY) Err#2 ENOENT
       739: sysconfig(_CONFIG_PAGESIZE) = 4096
       739: open("/usr/lib/libcrypt_i.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0x00000000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFBB0000
       739: mmap(0x00000000, 77824, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFB90000
       739: mmap(0xDFBA2000, 1296, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 8192) = 0xDFBA2000
       739: munmap(0xDFB92000, 65536) = 0
       739: memcntl(0xDFB90000, 3276, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libcmd.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFBB0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFBB0000
       739: mmap(0x00000000, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFB70000
       739: mmap(0xDFB83000, 613, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 12288) = 0xDFB83000
       739: munmap(0xDFB73000, 65536) = 0
       739: memcntl(0xDFB70000, 3428, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libbsm.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFBB0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFBB0000
       739: mmap(0x00000000, 77824, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFB50000
       739: mmap(0xDFB60000, 6079, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 65536) = 0xDFB60000
       739: mmap(0xDFB62000, 2060, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xDFB62000
       739: mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xDFB40000
       739: memcntl(0xDFB50000, 16212, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libmp.so.2", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFBB0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFBB0000
       739: mmap(0x00000000, 81920, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFB20000
       739: mmap(0xDFB33000, 604, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 12288) = 0xDFB33000
       739: munmap(0xDFB23000, 65536) = 0
       739: memcntl(0xDFB20000, 2644, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libsocket.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFBB0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFBB0000
       739: mmap(0x00000000, 110592, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFB00000
       739: mmap(0xDFB1A000, 2908, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 40960) = 0xDFB1A000
       739: munmap(0xDFB0A000, 65536) = 0
       739: memcntl(0xDFB00000, 11980, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libnsl.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFBB0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFBB0000
       739: mmap(0x00000000, 589824, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFA60000
       739: mmap(0xDFAE3000, 20812, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 471040) = 0xDFAE3000
       739: mmap(0xDFAE9000, 27060, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xDFAE9000
       739: munmap(0xDFAD3000, 65536) = 0
       739: memcntl(0xDFA60000, 51684, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libdl.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFBB0000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFBB0000
       739: close(3) = 0
       739: open("/usr/lib/libproject.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0x00000000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFA50000
       739: mmap(0x00000000, 77824, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFA30000
       739: mmap(0xDFA42000, 451, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 8192) = 0xDFA42000
       739: munmap(0xDFA32000, 65536) = 0
       739: mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xDFA20000
       739: memcntl(0xDFA30000, 2824, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libpam.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFA50000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFA50000
       739: mmap(0x00000000, 94208, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDFA00000
       739: mmap(0xDFA16000, 1934, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 24576) = 0xDFA16000
       739: munmap(0xDFA06000, 65536) = 0
       739: memcntl(0xDFA00000, 4752, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libc.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFA50000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFA50000
       739: mmap(0x00000000, 638976, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDF960000
       739: mmap(0xDF9F4000, 22656, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 540672) = 0xDF9F4000
       739: mmap(0xDF9FA000, 4808, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANON, -1, 0) = 0xDF9FA000
       739: munmap(0xDF9E4000, 65536) = 0
       739: memcntl(0xDF960000, 93712, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libgen.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFA50000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFA50000
       739: mmap(0x00000000, 94208, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDF940000
       739: mmap(0xDF956000, 1696, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 24576) = 0xDF956000
       739: munmap(0xDF946000, 65536) = 0
       739: memcntl(0xDF940000, 6392, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: open("/usr/lib/libsecdb.so.1", O_RDONLY) = 3
       739: fxstat(2, 3, 0x0804757C) = 0
       739: mmap(0xDFA50000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xDFA50000
       739: mmap(0x00000000, 86016, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0xDF920000
       739: mmap(0xDF934000, 834, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 16384) = 0xDF934000
       739: munmap(0xDF924000, 65536) = 0
       739: mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xDF910000
       739: memcntl(0xDF920000, 5292, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(3) = 0
       739: munmap(0xDFA50000, 4096) = 0
       739: sysi86(SI86FPHW, 0xDF9FB260, 0x08047D8C, 0xDFBED214) = 0x00000000
       739: brk(0x08064E80) = 0
       739: brk(0x08066E80) = 0
       739: open("/etc/default/su", O_RDONLY) = 3
       739: llseek(3, 0, SEEK_CUR) = 0
       739: llseek(3, 0, SEEK_SET) = 0
       739: fstat64(3, 0x08046C68) = 0
       739: brk(0x08066E80) = 0
       739: brk(0x08068E80) = 0
       739: ioctl(3, TCGETA, 0x08046C3C) Err#25 ENOTTY
       739: read(3, " # i d e n t\t " @ ( # )".., 8192) = 702
       739: llseek(3, 0xFFFFFFFFFFFFFDD8, SEEK_CUR) = 150
       739: llseek(3, 0, SEEK_SET) = 0
       739: read(3, " # i d e n t\t " @ ( # )".., 8192) = 702
       739: llseek(3, 0xFFFFFFFFFFFFFE4B, SEEK_CUR) = 265
       739: llseek(3, 0, SEEK_SET) = 0
       739: read(3, " # i d e n t\t " @ ( # )".., 8192) = 702
       739: read(3, 0x080661AC, 8192) = 0
       739: llseek(3, 0, SEEK_CUR) = 702
       739: llseek(3, 0, SEEK_SET) = 0
       739: read(3, " # i d e n t\t " @ ( # )".., 8192) = 702
       739: read(3, 0x080661AC, 8192) = 0
       739: llseek(3, 0, SEEK_CUR) = 702
       739: llseek(3, 0, SEEK_SET) = 0
       739: read(3, " # i d e n t\t " @ ( # )".., 8192) = 702
       739: sysconfig(_CONFIG_PAGESIZE) = 4096
       739: llseek(3, 0, SEEK_CUR) = 702
       739: close(3) = 0
       739: fstat64(0, 0x08046C90) = 0
       739: ioctl(0, TCGETA, 0x08046BD4) = 0
       739: stat64("/dev/tty", 0x08046C00) = 0
       739: stat64("/dev/console", 0x08046C00) = 0
       739: stat64("/dev/conslog", 0x08046C00) = 0
       739: stat64("/dev/syscon", 0x08046C00) = 0
       739: stat64("/dev/systty", 0x08046C00) = 0
       739: stat64("/dev/wscons", 0x08046C00) = 0
       739: open("/etc/ttysrch", O_RDONLY) = 3
       739: stat64("/etc/ttysrch", 0x08046B54) = 0
       739: read(3, " # i d e n t\t " @ ( # )".., 1408) = 1408
       739: close(3) = 0
       739: stat64("/dev/pts/1", 0x08046B54) = 0
       739: fstat64(0, 0x08046618) = 0
       739: ioctl(0, TCGETA, 0x0804655C) = 0
       739: stat64("/dev/tty", 0x08046588) = 0
       739: stat64("/dev/console", 0x08046588) = 0
       739: stat64("/dev/conslog", 0x08046588) = 0
       739: stat64("/dev/syscon", 0x08046588) = 0
       739: stat64("/dev/systty", 0x08046588) = 0
       739: stat64("/dev/wscons", 0x08046588) = 0
       739: open("/etc/ttysrch", O_RDONLY) = 3
       739: stat64("/etc/ttysrch", 0x080464DC) = 0
       739: read(3, " # i d e n t\t " @ ( # )".., 1408) = 1408
       739: close(3) = 0
       739: stat64("/dev/pts/1", 0x080464DC) = 0
       739: open("/var/adm/utmpx", O_RDONLY) = 3
       739: fstat64(3, 0x080465E4) = 0
       739: ioctl(3, TCGETA, 0x080465B8) Err#25 ENOTTY
       739: read(3, "\0\0\0\0\0\0\0\0\0\0\0\0".., 8192) = 2976
       739: llseek(3, 0, SEEK_CUR) = 2976
       739: close(3) = 0
       739: open64("/var/adm/utmpx", O_RDONLY) = 3
       739: llseek(3, 2604, SEEK_SET) = 2604
       739: read(3, " r o o t\0\0\0\0\0\0\0\0".., 372) = 372
       739: close(3) = 0
       739: open("/var/adm/sulog", O_WRONLY|O_APPEND|O_CREAT, 0600) = 3
       739: close(3) = 0
       739: chown("/var/adm/sulog", 0, 0) = 0
       739: stat64("/etc/pam_debug", 0x08046CBC) = 0
       739: fxstat(2, -1, 0x08046BC4) Err#9 EBADF
       739: open("/dev/conslog", O_WRONLY) = 3
       739: fcntl(3, F_SETFD, 0x00000001) = 0
       739: fxstat(2, 3, 0x08046BC4) = 0
       739: open("/etc/pam_debug", O_RDONLY) = 4
       739: read(4, 0x08046C6C, 80) = 0
       739: close(4) = 0
       739: fxstat(2, 3, 0x08046A18) = 0
       739: time() = 1050509277
       739: open("/usr/share/lib/zoneinfo/MET", O_RDONLY) = 4
       739: read(4, " T Z i f\0\0\0\0\0\0\0\0".., 8192) = 755
       739: close(4) = 0
       739: putmsg(3, 0x080460D0, 0x080460C4, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x08046060) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x08046048) = 0
       739: close(4) = 0
       739: fxstat(2, 3, 0x08046A00) = 0
       739: time() = 1050509277
       739: putmsg(3, 0x080460B8, 0x080460AC, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x08046048) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x08046030) = 0
       739: close(4) = 0
       739: fxstat(2, 3, 0x08046A00) = 0
       739: time() = 1050509278
       739: putmsg(3, 0x080460B8, 0x080460AC, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x08046048) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x08046030) = 0
       739: close(4) = 0
       739: fxstat(2, 3, 0x08046A00) = 0
       739: time() = 1050509278
       739: putmsg(3, 0x080460B8, 0x080460AC, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x08046048) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x08046030) = 0
       739: close(4) = 0
       739: stat64("/etc/pam.conf", 0x08046B84) = 0
       739: open("/etc/pam.conf", O_RDONLY) = 4
       739: mmap(0x00000000, 2080, PROT_READ, MAP_PRIVATE, 4, 0) = 0xDFA50000
       739: munmap(0xDFA50000, 2080) = 0
       739: close(4) = 0
       739: fxstat(2, 3, 0x08046B04) = 0
       739: time() = 1050509278
       739: putmsg(3, 0x080461BC, 0x080461B0, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x0804614C) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x08046134) = 0
       739: close(4) = 0
       739: uname(0x08063F60) = 1
       739: fxstat(2, 3, 0x08046B04) = 0
       739: time() = 1050509278
       739: putmsg(3, 0x080461BC, 0x080461B0, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x0804614C) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x08046134) = 0
       739: close(4) = 0
       739: auditsys(BSM_AUDITCTL, 0x00000014, 0x08046D3C, 0x00000004) = 0
       739: open("/etc/nsswitch.conf", O_RDONLY) = 4
       739: fstat64(4, 0x08046B40) = 0
       739: brk(0x08068E80) = 0
       739: brk(0x0806AE80) = 0
       739: ioctl(4, TCGETA, 0x08046B14) Err#25 ENOTTY
       739: read(4, " #\n # / e t c / n s s".., 8192) = 784
       739: read(4, 0x08067B34, 8192) = 0
       739: llseek(4, 0, SEEK_CUR) = 784
       739: close(4) = 0
       739: open("/usr/lib/nss_files.so.1", O_RDONLY) = 4
       739: fxstat(2, 4, 0x08046608) = 0
       739: mmap(0x00000000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0xDFA50000
       739: mmap(0x00000000, 90112, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0xDF8F0000
       739: mmap(0xDF905000, 1204, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 20480) = 0xDF905000
       739: munmap(0xDF8F5000, 65536) = 0
       739: memcntl(0xDF8F0000, 5664, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(4) = 0
       739: munmap(0xDFA50000, 4096) = 0
       739: open("/etc/shadow", O_RDONLY) = 4
       739: fstat64(4, 0x08046B70) = 0
       739: brk(0x0806AE80) = 0
       739: brk(0x0806CE80) = 0
       739: ioctl(4, TCGETA, 0x08046B44) Err#25 ENOTTY
       739: read(4, " r o o t : z 6 / w G K S".., 8192) = 191
       739: llseek(4, 0xFFFFFFFFFFFFFFEF, SEEK_CUR) = 174
       739: close(4) = 0
       739: auditsys(35, 0xDFB626D8, 0x00000028, 0xDFB60000) = 0
       739: auditsys(35, 0x08046D1C, 0x00000028, 0xDFB60000) = 0
       739: getuid() = 0 [0]
       739: getgid() = 0 [0]
       739: getuid() = 0 [0]
       739: getgid() = 0 [0]
       739: getpid() = 739 [738]
       739: fxstat(2, 3, 0x08046CC8) = 0
       739: sigaction(SIGQUIT, 0x08046CB8, 0x08046D14) = 0
       739: sigaction(SIGINT, 0x08046CB8, 0x08046D14) = 0
       739: open64("/etc/.name_service_door", O_RDONLY) = 4
       739: fcntl(4, F_SETFD, 0x00000001) = 0
       739: door_info(4, 0xDF9FA1B8) Err#9 EBADF
       739: close(4) = 0
       739: open("/etc/passwd", O_RDONLY) = 4
       739: fstat64(4, 0x08046638) = 0
       739: ioctl(4, TCGETA, 0x0804660C) Err#25 ENOTTY
       739: read(4, " r o o t : x : 0 : 0 : S".., 8192) = 274
       739: llseek(4, 0xFFFFFFFFFFFFFFCE, SEEK_CUR) = 224
       739: close(4) = 0
       739: getuid() = 0 [0]
       739: open("/etc/security/audit_control", O_RDONLY) = 4
       739: llseek(4, 0, SEEK_CUR) = 0
       739: llseek(4, 0, SEEK_SET) = 0
       739: fstat64(4, 0x080468C4) = 0
       739: ioctl(4, TCGETA, 0x08046898) Err#25 ENOTTY
       739: read(4, " #\n # C o p y r i g h".., 8192) = 156
       739: open("/etc/security/audit_class", O_RDONLY) = 5
       739: fstat64(5, 0x080468B8) = 0
       739: brk(0x0806CE80) = 0
       739: brk(0x0806EE80) = 0
       739: ioctl(5, TCGETA, 0x0804688C) Err#25 ENOTTY
       739: read(5, " #\n # C o p y r i g h".., 8192) = 728
       739: read(5, 0x0806BF5C, 8192) = 0
       739: llseek(5, 0, SEEK_CUR) = 728
       739: close(5) = 0
       739: open("/etc/security/audit_class", O_RDONLY) = 5
       739: fstat64(5, 0x08046780) = 0
       739: ioctl(5, TCGETA, 0x08046754) Err#25 ENOTTY
       739: read(5, " #\n # C o p y r i g h".., 8192) = 728
       739: read(5, 0x0806C054, 8192) = 0
       739: llseek(5, 0, SEEK_CUR) = 728
       739: close(5) = 0
       739: llseek(4, 0xFFFFFFFFFFFFFFEA, SEEK_CUR) = 134
       739: close(4) = 0
       739: open("/etc/security/audit_user", O_RDONLY) = 4
       739: open("/etc/security/audit_user", O_RDONLY) = 5
       739: fstat64(5, 0x08046538) = 0
       739: ioctl(5, TCGETA, 0x0804650C) Err#25 ENOTTY
       739: read(5, " #\n # C o p y r i g h".., 8192) = 188
       739: read(5, 0x08069F4C, 8192) = 0
       739: llseek(5, 0, SEEK_CUR) = 188
       739: close(5) = 0
       739: llseek(4, 0, SEEK_CUR) = 0
       739: close(4) = 0
       739: auditsys(36, 0xDFB626D8, 0x00000028, 0xDFB60000) = 0
       739: open64("/etc/.name_service_door", O_RDONLY) = 4
       739: fcntl(4, F_SETFD, 0x00000001) = 0
       739: door_info(4, 0xDF9FA1B8) Err#9 EBADF
       739: close(4) = 0
       739: open("/etc/passwd", O_RDONLY) = 4
       739: fstat64(4, 0x0804647C) = 0
       739: ioctl(4, TCGETA, 0x08046450) Err#25 ENOTTY
       739: read(4, " r o o t : x : 0 : 0 : S".., 8192) = 274
       739: llseek(4, 0xFFFFFFFFFFFFFF13, SEEK_CUR) = 37
       739: close(4) = 0
       739: auditsys(35, 0x08046BBC, 0x00000028, 0xDFB60000) = 0
       739: open("/etc/security/audit_event", O_RDONLY) = 4
       739: fstat64(4, 0x08046938) = 0
       739: ioctl(4, TCGETA, 0x0804690C) Err#25 ENOTTY
       739: read(4, " #\n # C o p y r i g h".., 8192) = 8192
       739: read(4, " d c t l ( 2 ) - l o".., 8192) = 2659
       739: read(4, 0x08069F4C, 8192) = 0
       739: llseek(4, 0, SEEK_CUR) = 10851
       739: close(4) = 0
       739: open("/etc/security/audit_event", O_RDONLY) = 4
       739: fstat64(4, 0x08046938) = 0
       739: ioctl(4, TCGETA, 0x0804690C) Err#25 ENOTTY
       739: read(4, " #\n # C o p y r i g h".., 8192) = 8192
       739: read(4, " d c t l ( 2 ) - l o".., 8192) = 2659
       739: read(4, 0x08069F4C, 8192) = 0
       739: llseek(4, 0, SEEK_CUR) = 10851
       739: close(4) = 0
       739: gettimeofday(0x08046BC8) = 0
       739: auditsys(BSM_AUDIT, 0x080671F0, 0x00000058, 0xDFB60000) = 0
       739: getuid() = 0 [0]
       739: fxstat(2, 3, 0x08046B1C) = 0
       739: time() = 1050509280
       739: putmsg(3, 0x080461D4, 0x080461C8, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x08046164) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x0804614C) = 0
       739: close(4) = 0
       739: fxstat(2, 3, 0x08046CD4) = 0
       739: close(3) = 0
       739: sigaction(SIGQUIT, 0x08046CB8, 0x08046D14) = 0
       739: sigaction(SIGINT, 0x08046CB8, 0x08046D14) = 0
       739: open64("/etc/.name_service_door", O_RDONLY) = 3
       739: fcntl(3, F_SETFD, 0x00000001) = 0
       739: door_info(3, 0xDF9FA1B8) Err#9 EBADF
       739: close(3) = 0
       739: open("/etc/user_attr", O_RDONLY) = 3
       739: fstat64(3, 0x080462A0) = 0
       739: ioctl(3, TCGETA, 0x08046274) Err#25 ENOTTY
       739: read(3, " # C o p y r i g h t ".., 8192) = 271
       739: read(3, 0x0806C054, 8192) = 0
       739: llseek(3, 0, SEEK_CUR) = 271
       739: close(3) = 0
       739: open("/etc/project", O_RDONLY) = 3
       739: fstat64(3, 0x080469E8) = 0
       739: ioctl(3, TCGETA, 0x080469BC) Err#25 ENOTTY
       739: read(3, " s y s t e m : 0 : : : :".., 8192) = 78
       739: read(3, 0x0806C054, 8192) = 0
       739: llseek(3, 0, SEEK_CUR) = 78
       739: close(3) = 0
       739: open64("/etc/.name_service_door", O_RDONLY) = 3
       739: fcntl(3, F_SETFD, 0x00000001) = 0
       739: door_info(3, 0xDF9FA1B8) Err#9 EBADF
       739: close(3) = 0
       739: open("/etc/passwd", O_RDONLY) = 3
       739: fstat64(3, 0x0804656C) = 0
       739: ioctl(3, TCGETA, 0x08046540) Err#25 ENOTTY
       739: read(3, " r o o t : x : 0 : 0 : S".., 8192) = 274
       739: llseek(3, 0xFFFFFFFFFFFFFFCE, SEEK_CUR) = 224
       739: close(3) = 0
       739: open64("/etc/.name_service_door", O_RDONLY) = 3
       739: fcntl(3, F_SETFD, 0x00000001) = 0
       739: door_info(3, 0xDF9FA1B8) Err#9 EBADF
       739: close(3) = 0
       739: open("/etc/group", O_RDONLY) = 3
       739: fstat64(3, 0x0804496C) = 0
       739: ioctl(3, TCGETA, 0x08044940) Err#25 ENOTTY
       739: read(3, " r o o t : : 0 : r o o t".., 8192) = 146
       739: llseek(3, 0, SEEK_CUR) = 146
       739: close(3) = 0
       739: open("/etc/project", O_RDONLY) = 3
       739: fstat64(3, 0x080469E8) = 0
       739: ioctl(3, TCGETA, 0x080469BC) Err#25 ENOTTY
       739: read(3, " s y s t e m : 0 : : : :".., 8192) = 78
       739: read(3, 0x0806C054, 8192) = 0
       739: llseek(3, 0, SEEK_CUR) = 78
       739: close(3) = 0
       debug2: channel 0: window 32433 sent adjust 33103
       739: open("/etc/project", O_RDONLY) = 3
       739: fstat64(3, 0x080469E8) = 0
       739: ioctl(3, TCGETA, 0x080469BC) Err#25 ENOTTY
       739: read(3, " s y s t e m : 0 : : : :".., 8192) = 78
       739: llseek(3, 0xFFFFFFFFFFFFFFED, SEEK_CUR) = 59
       739: close(3) = 0
       739: settaskid(3, 0x00000000) = 44
       739: open("/var/adm/sulog", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
       739: llseek(3, 0, SEEK_END) = 2236
       739: time() = 1050509281
       739: fstat64(3, 0x08046018) = 0
       739: ioctl(3, TCGETA, 0x08045FEC) Err#25 ENOTTY
       739: write(3, " S U 0 4 / 1 6 1 8 :".., 35) = 35
       739: close(3) = 0
       739: setgid(3333) = 0
       739: sysconfig(_CONFIG_NGROUPS) = 16
       739: open("/etc/group", O_RDONLY) = 3
       739: fstat64(3, 0x08046BA8) = 0
       739: ioctl(3, TCGETA, 0x08046B7C) Err#25 ENOTTY
       739: read(3, " r o o t : : 0 : r o o t".., 8192) = 146
       739: brk(0x0806EE80) = 0
       739: brk(0x08070E80) = 0
       739: read(3, 0x0806C09C, 8192) = 0
       739: llseek(3, 0, SEEK_CUR) = 146
       739: close(3) = 0
       739: setgroups(1, 0x0806C050) = 0
       739: getpid() = 739 [738]
       739: open("/proc/739/psinfo", O_RDONLY) = 3
       739: read(3, "C8 F\01801\0\0\0E302\0\0".., 336) = 336
       739: close(3) = 0
       739: fxstat(2, -1, 0x080460CC) Err#9 EBADF
       739: open("/dev/conslog", O_WRONLY) = 3
       739: fcntl(3, F_SETFD, 0x00000001) = 0
       739: fxstat(2, 3, 0x080460CC) = 0
       739: fxstat(2, 3, 0x08046AE8) = 0
       739: time() = 1050509281
       739: getpid() = 739 [738]
       739: putmsg(3, 0x080461A0, 0x08046194, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x08046130) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x08046118) = 0
       739: close(4) = 0
       739: fxstat(2, 3, 0x08046AB8) = 0
       739: time() = 1050509281
       739: getpid() = 739 [738]
       739: putmsg(3, 0x08046170, 0x08046164, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x08046100) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x080460E8) = 0
       739: close(4) = 0
       739: stat64("/usr/lib/security/pam_unix.so.1", 0x08046C58) = 0
       739: open("/usr/lib/security/pam_unix.so.1", O_RDONLY) = 4
       739: fxstat(2, 4, 0x08046648) = 0
       739: mmap(0x00000000, 4096, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0xDFA50000
       739: mmap(0x00000000, 159744, PROT_READ|PROT_EXEC, MAP_PRIVATE, 4, 0) = 0xDF8C0000
       739: mmap(0xDF8E3000, 14430, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 4, 77824) = 0xDF8E3000
       739: munmap(0xDF8D3000, 65536) = 0
       739: memcntl(0xDF8C0000, 11704, MC_ADVISE, MADV_WILLNEED, 0, 0) = 0
       739: close(4) = 0
       739: munmap(0xDFA50000, 4096) = 0
       739: fxstat(2, 3, 0x08046A9C) = 0
       739: time() = 1050509282
       739: getpid() = 739 [738]
       739: putmsg(3, 0x08046154, 0x08046148, 0) = 0
       739: open("/var/run/syslog_door", O_RDONLY) = 4
       739: door_info(4, 0x080460E4) = 0
       739: getpid() = 739 [738]
       739: door_call(4, 0x080460CC) = 0
       739: close(4) = 0
       739: setuid(3333) = 0
       739: chdir("/tmp") Err#13 EACCES
       No directory!
       739: write(2, " N o d i r e c t o r y".., 14) = 14
       739: mmap(0x00000000, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANON, -1, 0) = 0xDFA50000
       739: munmap(0xDFA50000, 4096) = 0
       739: llseek(0, 0, SEEK_CUR) = 36065
       739: _exit(1)
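
Added example, not part of the original post: chdir(2) reports EACCES when search (x) permission is denied on any component of the path, so this POSIX shell sketch walks a path from "/" down and names the first directory the target uid/gid cannot search. The function names (`stat_line`, `can_search`, `first_blocked`) are hypothetical; it assumes an absolute path and evaluates only the classic owner/group/other mode bits from `ls -ldn`, not ACLs or supplementary groups.

```shell
#!/bin/sh
# Added example: find the first directory on a path that a uid/gid cannot search.

# Numeric long listing of one directory (mode, links, uid, gid, ...).
stat_line() {
    ls -ldn "$1"
}

# can_search MODE OWNER GROUP UID GID
# Returns 0 if the x bit that applies to UID/GID is set in MODE.
can_search() {
    c_mode=$1 c_owner=$2 c_group=$3 c_uid=$4 c_gid=$5
    # uid 0 is not subject to the mode bits
    if [ "$c_uid" -eq 0 ]; then
        return 0
    fi
    # Exactly one class applies: owner, else group, else other.
    if [ "$c_uid" -eq "$c_owner" ]; then
        c_bit=$(printf '%s' "$c_mode" | cut -c4)
    elif [ "$c_gid" -eq "$c_group" ]; then
        c_bit=$(printf '%s' "$c_mode" | cut -c7)
    else
        c_bit=$(printf '%s' "$c_mode" | cut -c10)
    fi
    case $c_bit in
        x|s|t) return 0 ;;   # s / t: set-id or sticky bit with x also set
        *)     return 1 ;;   # -, S, T: no search permission
    esac
}

# first_blocked PATH UID GID
# Prints the first component that denies search and returns 1.
# Prints nothing and returns 0 if every component is searchable.
# Returns 2 if a component cannot be listed.
first_blocked() {
    fb_rest=${1#/}
    fb_uid=$2
    fb_gid=$3
    fb_cur=/
    while :; do
        fb_line=$(stat_line "$fb_cur") || {
            echo "cannot list $fb_cur" >&2
            return 2
        }
        # Split the listing without globbing: mode links uid gid rest...
        read -r fb_mode fb_links fb_owner fb_group fb_tail <<EOF
$fb_line
EOF
        if ! can_search "$fb_mode" "$fb_owner" "$fb_group" "$fb_uid" "$fb_gid"; then
            echo "$fb_cur"
            return 1
        fi
        # Advance to the next non-empty component (tolerates "//" and a trailing "/").
        fb_comp=
        while [ -z "$fb_comp" ] && [ -n "$fb_rest" ]; do
            fb_comp=${fb_rest%%/*}
            case $fb_rest in
                */*) fb_rest=${fb_rest#*/} ;;
                *)   fb_rest= ;;
            esac
        done
        if [ -z "$fb_comp" ]; then
            return 0
        fi
        fb_cur=${fb_cur%/}/$fb_comp
    done
}

# Stand-alone use: script.sh /tmp 3333 3333
if [ "$#" -eq 3 ]; then
    first_blocked "$1" "$2" "$3"
fi
```

Run as root with the home directory, uid and gid from the passwd entry; an empty result means the mode bits alone do not explain the EACCES.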

