FOLLOWUP to SUMMARY: Lost access to Solaris 10 11/06 after renaming /usr/lib/libxml2.so.2
- From: Doug Yatcilla <yatcilla@xxxxxxxxxx>
- Date: Thu, 28 Jun 2007 11:03:21 -0400
For anybody who is interested, a clever sunmanagers.org reader described a
way to solve this problem without a reboot (but I found out after I had already
rebooted to fix the problem.)
Even though, I had lost the ability to log in as root or any
other user into the global zone, a few suggested renaming the file
from a NFS client with root access to /usr/lib (but I was not sharing
that filesystem) or getting root access via another program (such as
modifing a script run by root's crontab.) But, the lack of libxml2.so
seemed to have also shut down cron (even through "svcs cron" reported it
was still online and neither /var/svc/log/system-cron:default.log nor
/var/adm/messages had errors.)
The broken server was already exporting several NFS filesystems (and
"nosetuid" NFS option was NOT set). I logged into one of the NFS
client systems as root and created either of these programs and chown
root + chmod 4755 (to make them setuid-root on execution):
In perl:
#!/usr/bin/perl
$> = 0;
$< = 0;
$ENV{PATH}="/usr/bin";
system("/bin/sh");
In C:
main() {
setuid(0);
seteuid(0);
system("/bin/sh");
}
Now, back on the broken system/NFS server, I just needed to execute
either program to get a root shell. I duplicated my original problem
on a test system and was able to successfully gain root access.
Amazing! This tip courtesy of to "James W. Abendschan" <jwa#AT#jammed(DOT)com>
I hope I never need to do something like that again. Thanks also for
a reminder to have a healthy respect for ways to workaround system
security using NFS!
Also, I had unkind words about system recovery:
Even though I did not use the failsafe kernel, I dread having to use
it. Since I use Solaris Volume Manager to mirror the root filesystem,
the failsafe kernel complains that it cannot mount it on /a. So, what
good is this for me? If I cannot mount the root filesystem directly,
I would need to do all of this:
Hidden in the Solaris documentation is a clear description of how to
mount a SVM mirrored filesystem on a Solaris 10 system:
http://docs.sun.com/app/docs/doc/816-4520/6manpieqm?a=viewo
(warning: outrageously slow docs.sun.com site!)
You still need to know ahead of time a disk slice containing at least
one side of your root filesystem mirror (or use format to examine
disks and take a guess.) But, using "update_drv" works better than
the procedure I described earlier. It works for both x86 and SPARC
versions of Solaris.
If you are using x86 Solaris with GRUB boot menu and want to boot to
single-user mode and forgot to restart your system with "reboot --
-s", then you can wait until the GRUB menu appears and edit the entry
that boots the system. Press the "e" key to edit, then modify the
"kernel" line to add a "-s" to it, then select it to be booted and it
will boot to the single-user milestone.
Thanks also to:
Brad Morrison <brad.morrison*AT*gmail^DOT^com>
Dan Lorenzini <lorenzd$AT$gcm&DOT&com>
_______________________________________________
sunmanagers mailing list
sunmanagers@xxxxxxxxxxxxxxx
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
- References:
- SUMMARY: Lost access to Solaris 10 11/06 after renaming /usr/lib/libxml2.so.2
- From: Doug Yatcilla
- SUMMARY: Lost access to Solaris 10 11/06 after renaming /usr/lib/libxml2.so.2
- Prev by Date: Sunfire V210: autoboot not working
- Next by Date: Summary: Installing Java Desktop
- Previous by thread: SUMMARY: Lost access to Solaris 10 11/06 after renaming /usr/lib/libxml2.so.2
- Next by thread: is this fixed in the upgrade
- Index(es):
Relevant Pages
|
|
