Hi,
FWIW, here are two releases from Marco that might shed more light:
https://techblog.mediaservice.net/2020/01/local-privilege-escalation-via-cde-dtsession/
https://github.com/0xdea/advisories/blob/master/2020-02-cde-dtsession.txt
which includes a link to the Solaris POC.
-jon
On 1/14/20 5:
Jon this whole situation with Solaris having it's own code base which
goes back to 1.x. I'm curious if that is why there are a lot of tools and
utils (mostly ones starting with "sd") which aren't part of the open
source version?
Ie.. they must have made those tools specifically for their v
On 1/15/20 3:04 PM, Swift Griggs wrote:
>
> Jon this whole situation with Solaris having it's own code base which
> goes back to 1.x. I'm curious if that is why there are a lot of tools
> and utils (mostly ones starting with "sd") which aren't part of the
> open source version?
>
Yes - Sun used t
Now that we have a contact with CERT, could we ask them if VU#179804 and
CA-1999-08 from the wiki still apply to our code?
Thank you for your time,
-Chase
‐‐‐ Original Message ‐‐‐
On Wednesday, January 15, 2020 4:11 PM, Jon Trulson wrote:
> On 1/15/20 3:04 PM, Swift Griggs wrote:
>
>>
>
> Also, what was the deal back in the OpenSolaris days before Oracle killed it?
> Did that codebase have CDE? I also wonder about Illumos. Do they still have a
> CDE codebase, too? I'm guessing Sun just didn't release it with the rest of
> the code.
Sun didn't have the rights to release CD
On 1/15/20 5:41 PM, Richard L. Hamilton wrote:
> I think I once compiled a non-recent version of open-source CDE for Solaris
> 11 (SPARC), and it mostly worked, although dtmail was definitely unusable.
dtmail is useless. So much work would need to go into it ,to bring it
up to modern standards,
I vote in favor of retiring dtmail.
On Wednesday, January 15, 2020, Jon Trulson wrote:
> On 1/15/20 5:41 PM, Richard L. Hamilton wrote:
>
> I think I once compiled a non-recent version of open-source CDE for Solaris
> 11 (SPARC), and it mostly worked, although dtmail was definitely unusable.
>
I'm probably the only one that would actually use it. Building Motif apps
from scratch is a tedious process.
On Wed, 15 Jan 2020 at 20:34, Christopher Turkel <
turkel.christop...@gmail.com> wrote:
> I vote in favor of retiring dtmail.
>
> On Wednesday, January 15, 2020, Jon Trulson wrote:
>
>> O
