Bugtraq mailing list archives

Re: IRIX 5.2 Security Advisory - Mystery Solved

From: little () ragnarok hks com (Jim Littlefield)
Date: Wed, 10 Aug 1994 08:05:34 -0400


On Aug 9,  6:10pm, Paul Walmsley wrote:
:
: Found it.

You beat me to it...but not my much.

:
: The hole is essentially caused by two oversights in the SGI Help system
: - one being X accelerators (or keyboard shortcuts), the other being
: sgihelp's use of system() to pipe printer output elsewhere.

The only time the hole can be exploited is when sgihelp is running as root.
Clogin runs as root, of course. It may be possible to do the same thing via the
"System Manager" functions, although I have not checked (yet).

-- 

Jim Littlefield  <little () hks com>      I prefer caffeine free, clear, diet Jolt.

Current thread:

Re: IRIX 5.2 Security Advisory - Mystery Solved Jim Littlefield (Aug 10)
- Re: IRIX 5.2 Security Advisory - Mystery Solved Martin Hargreaves (Aug 10)
- IRIX 5.2 security problem Phil Cox (Aug 10)
  - Re: IRIX 5.2 security problem Jim Littlefield (Aug 11)
  - Firewall tools for VMS? Andrew T. Rodnite (Aug 11)
  - Archive?/sendmail holes?/rdist hole? Andrew T. Rodnite (Aug 11)
- Solaris 2.3 login Jas (Aug 10)
- <Possible follow-ups>
- Re: IRIX 5.2 Security Advisory - Mystery Solved Martin Hargreaves (Aug 11)