For anybody who is interested, a clever sunmanagers.org reader described a way to solve this problem without a reboot (but I found out after I had already rebooted to fix the problem.) > Even though, I had lost the ability to log in as root or any > other user into the global zone, a few suggested renaming the file > from a NFS client with root access to /usr/lib (but I was not sharing > that filesystem) or getting root access via another program (such as > modifing a script run by root's crontab.) But, the lack of libxml2.so > seemed to have also shut down cron (even through "svcs cron" reported it > was still online and neither /var/svc/log/system-cron:default.log nor > /var/adm/messages had errors.) The broken server was already exporting several NFS filesystems (and "nosetuid" NFS option was NOT set). I logged into one of the NFS client systems as root and created either of these programs and chown root + chmod 4755 (to make them setuid-root on execution): In perl: #!/usr/bin/perl $> = 0; $< = 0; $ENV{PATH}="/usr/bin"; system("/bin/sh"); In C: main() { setuid(0); seteuid(0); system("/bin/sh"); } Now, back on the broken system/NFS server, I just needed to execute either program to get a root shell. I duplicated my original problem on a test system and was able to successfully gain root access. Amazing! This tip courtesy of to "James W. Abendschan" <jwa#AT#jammed(DOT)com> I hope I never need to do something like that again. Thanks also for a reminder to have a healthy respect for ways to workaround system security using NFS! Also, I had unkind words about system recovery: > Even though I did not use the failsafe kernel, I dread having to use > it. Since I use Solaris Volume Manager to mirror the root filesystem, > the failsafe kernel complains that it cannot mount it on /a. So, what > good is this for me? If I cannot mount the root filesystem directly, > I would need to do all of this: Hidden in the Solaris documentation is a clear description of how to mount a SVM mirrored filesystem on a Solaris 10 system: http://docs.sun.com/app/docs/doc/816-4520/6manpieqm?a=viewo (warning: outrageously slow docs.sun.com site!) You still need to know ahead of time a disk slice containing at least one side of your root filesystem mirror (or use format to examine disks and take a guess.) But, using "update_drv" works better than the procedure I described earlier. It works for both x86 and SPARC versions of Solaris. If you are using x86 Solaris with GRUB boot menu and want to boot to single-user mode and forgot to restart your system with "reboot -- -s", then you can wait until the GRUB menu appears and edit the entry that boots the system. Press the "e" key to edit, then modify the "kernel" line to add a "-s" to it, then select it to be booted and it will boot to the single-user milestone. Thanks also to: Brad Morrison <brad.morrison*AT*gmail^DOT^com> Dan Lorenzini <lorenzd$AT$gcm&DOT&com> _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Thu Jun 28 11:03:39 2007
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:06 EST