Solaris privilege esaclation from the PROM monitor

Posted by: wfaulk

Solaris privilege esaclation from the PROM monitor - 15/07/2003 08:42

I've managed to screw up my runtime linker configuration on my workstation.

It would be remarkably helpful if someone could remember the thing where you can escalate the privileges of a certain process from the prom so that I can delete the bogus /var/ld/ld.config file and make things work again.

If anyone can find it or remembers it, I'd much appreciate it. I don't really feel like shutting the machine down hard. (Basically I can only run statically linked binaries. I can set LD_LIBRARY_PATH back to /usr/lib, but I can't do that for any process that's suid, so I can't be root.)

In the meantime, I'm going to lunch.
Posted by: drakino

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 11:04

Really wish I could help, but all I could turn up was info that this procedure is covered in some certification exam from Sun. Specifically CX-310-301, and I can't find an online study guide for it.

All my experience with Solaris is either remote to a Sun box (long ago), or on Intel platforms. My experience with Open Firmware is only on Apple machines.
Posted by: pgrzelak

Re: Solaris privilege esaclation from the PROM monitor - 15/07/2003 11:23

I am not really sure what you are looking for? You mention the prom, but I assume you are not talking boot prom at this stage. Can you be a little more specific?

I understand you are trying to delete a bogus file, but cannot do it with a symbolically linked command. Can you use a copy con or other editor (your choice) to overwrite the file? Are you root now?
Posted by: wfaulk

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 11:41

There is a manner in which one can find the process space of a running process, enter the OpenBoot PROM and modify the memory at that space so that you can change the ownership of the process. I may have read it in a 2600, now that I think of it.
Posted by: Daria

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 11:46

If anyone can find it or remembers it, I'd much appreciate it. I don't really feel like shutting the machine down hard. (Basically I can only run statically linked binaries. I can set LD_LIBRARY_PATH back to /usr/lib, but I can't do that for any process that's suid, so I can't be root.)

Move it out of the way with /usr/sbin/static/mv?

Posted by: wfaulk

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 12:09

But I'm not root.
Posted by: wfaulk

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 12:11

Found it.

FORTH Hacking on Sparc Hardware
Posted by: pgrzelak

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 12:15

It might be possible to modify the process ownership by changing the user ID in the /proc directory... Hmm... Thinking...
Posted by: pgrzelak

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 12:15

NEAT!!! Of course, I would trigger tons of alarms if I tried that here...
Posted by: wfaulk

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 12:44

Of course, I mistyped one character and screwed it up. Kinda like how I got to this point in the first place.

Oh, well. My ufs logging filesystems are currently grinding the crap out of my drives....

Edit: Now that my drives are done rolling back, I tried it again and it worked right. The zsh I modified even noticed and changed the prompt from `%' to `#'. Neat.

What I typed wrong was ``hex 0 300007dcba9 4 + l!''. I accidentally typed ``hex 0 300007dcba9 f + l!''. (Damn head thinking ``four'' instead of ``4''.) It told me that the alignment was invalid in some manner, so I tried again correctly, but it was already screwed by that point. A ``go'' just hung the machine. I couldn't even get back to the prom.
Posted by: wfaulk

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 12:45

Damn. And I only just now noticed that I misspelled escalation in the thread title. I should just go home.
Posted by: tonyc

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 13:04

I should just go home.
Sounds like someone's got a case of the Tuesdays.

I was having one earlier today, and that's exactly what I did. Went home, took an hour nap, and came back to work. So I'll have to stay a little later, but at least I'll be somewhat productive.
Posted by: wfaulk

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 13:21

Let's not forget the construction going on about ten feet from me, where, amongst other noisy activities, they're cutting metal studs with power saws and using gunpowder-actuated concrete nailers, which is like having .22-caliber handguns going off. Then there's the incessant beeping coming from the hardware CD copier of the guy that's not here today.
Posted by: tonyc

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 14:12

We've secretly replaced Bitt with link-happy CmdrTaco of Slashdot fame. Let's see if anyone notices the difference...
Posted by: TigerJimmy

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 14:13

Damn is that ever cool. Makes me feel like a seriously wimpy geek, though...
Posted by: wfaulk

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 14:13

Just thank your lucky stars I didn't link ``incessant beeping''.
Posted by: genixia

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 14:20

That'll be easy - Just look out for a new thread appearing in the near future;

"Hacking Forth to get root on Sun machines. [Edit: Dupe]"
Posted by: Daria

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 16:08

So you just need a static setuid binary and it will all be fine. Too bad su isn't static, despite my best efforts on behalf of my own su. So I'll just shut up.

Posted by: wfaulk

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 16:14

Yeah. In their infinite wisdom, Sun decided that we didn't really need those static binaries anymore. Assholes. Pointless to make multiple partitions now, too.
Posted by: Daria

Re: Solaris privilege esaclation from the PROM mon - 15/07/2003 22:18

Yeah. In their infinite wisdom, Sun decided that we didn't really need those static binaries anymore.

Well, it's hard to build a static su that supports pam and nss (or even just nss). On the other hand, I have the cheesy setuid binary, which is trivial to make static.

But that doesn't help you.
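A defender-side check tied to the static-binary discussion in the last few posts, added here and not from the thread or any poster: it parses ELF program headers to tell whether a binary needs ld.so.1 at all (which is what a broken /var/ld/ld.config takes out) and flags setuid ones, for which LD_LIBRARY_PATH is ignored, so an admin can see which recovery tools would still run. The function names and the constructed ELF image are assumptions of this example.

```python
import os
import stat
import struct

PT_DYNAMIC, PT_INTERP = 2, 3


def elf_is_static(data: bytes) -> bool:
    """True if the ELF image has neither a PT_INTERP nor a PT_DYNAMIC
    program header, i.e. it starts without the runtime linker (ld.so.1)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"        # SPARC binaries are big-endian
    if ei_class == 2:                             # ELF64 header layout
        (e_phoff,) = struct.unpack_from(endian + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x36)
    elif ei_class == 1:                           # ELF32 header layout
        (e_phoff,) = struct.unpack_from(endian + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 0x2A)
    else:
        raise ValueError("unknown EI_CLASS")
    for i in range(e_phnum):                      # p_type is the first field of every Phdr
        (p_type,) = struct.unpack_from(endian + "I", data, e_phoff + i * e_phentsize)
        if p_type in (PT_INTERP, PT_DYNAMIC):
            return False
    return True


def audit_recovery_tools(paths):
    """Report, per path, whether it is static and whether it is setuid.
    A dynamically linked setuid binary cannot be rescued with
    LD_LIBRARY_PATH, since the runtime linker ignores it for privileged processes."""
    report = {}
    for p in paths:
        with open(p, "rb") as f:
            data = f.read()
        mode = os.stat(p).st_mode
        report[p] = {"static": elf_is_static(data), "setuid": bool(mode & stat.S_ISUID)}
    return report


def build_elf64_be(ptypes):
    """Constructed minimal big-endian ELF64 image (EM_SPARCV9) with the given
    program-header types; test input only, not a real binary."""
    ehdr = b"\x7fELF" + bytes([2, 2, 1, 0]) + bytes(8)
    ehdr += struct.pack(">HHIQQQIHHHHHH", 2, 43, 1, 0, 64, 0, 0, 64, 56, len(ptypes), 64, 0, 0)
    phdrs = b"".join(struct.pack(">IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0) for t in ptypes)
    return ehdr + phdrs


if __name__ == "__main__":
    print(elf_is_static(build_elf64_be([1, 1])))      # only PT_LOAD: static
    print(elf_is_static(build_elf64_be([3, 1, 2])))   # PT_INTERP present: dynamic
```

Run `audit_recovery_tools(["/usr/bin/su", ...])` on a live box to list which setuid tools would survive a broken runtime-linker configuration.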