Large security hole in SGI IRIX 5.2

[glaze () rclsgi eng ohio-state edu (Larry Glaze)]

We have discovered a large hole in SGI IRIX 5.2.  It deals with the desktop
tool /usr/lib/desktop/permissions.  Use of this tool in a certain way will
allow any user to modify any file on the system.  I have fixed the hole
temporarily on our system by removing the suid root and sgid sys bits on the
/usr/lib/desktop/permissions file.  I would advise anyone running IRIX 5.2 to
do the same or to completely disallow non-root users execute priveldge of the
tool.  This problem does not exist in IRIX 5.3 or any versions previous to 5.0.
I do not have any 5.0.* or 5.1.* systems so I can't verify if the problem
exists there as well.  

CERT and SGI have both been notified of the problem.  SGI is looking into it
(who knows if they will do anything about it).

I want to give admins some time to change the priveldges on the permissions
tool so I am waiting until Monday morning (when I get to work) to post the
exploit of this hole.

Thanks,
Larry
-- 
Larry Glaze                             |       "...Life's a bummer..." 
The Ohio State University               |               --Smashing Pumpkins
glaze.6 () osu edu                              |
http://rclsgi.eng.ohio-state.edu/~glaze |All opinions are my own, blah, blah...