Bugtraq mailing list archives

Re: Large security hole in SGI IRIX 5.2


From: ratlifc () indikos ctron com (Christian A. Ratliff)
Date: Fri, 03 Mar 1995 08:17:11 -0500


On Thu, 2 Mar 1995 14:03:03 -0500 (EST)  Larry Glaze wrote:
I want to give admins some time to change the privileges on the permissions
tool so I am waiting until Monday morning (when I get to work) to post the
exploit of this hole.

  bugtraq is a FULL disclosure list.

  The hole comes from the authentication being at the _dirview_ (an SGI 
directory browser) level. You can only pull up 'permissions' when the menu 
item is not grayed out. If you run 'permissions' by hand, you eliminate 
that check and have root access to the permissions on a file.
  Turning the setuid/setgid bit off is a perfectly sensible solution to 
this problem, and it is beyond me why that wasn't the default permissions.

christian

-----
Christian A. Ratliff
Work: <ratlifc () ctron com> (NeXTmail and MIME okay)
<a href="http://indikos/~ratlifc">Cabletron Home Page</a>
Home: <ratlifc () biddeford com>
<a href="http://www.biddeford.com/~ratlifc/">External Home Page</a>
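
The message above locates the flaw in where the check is made: dirview decides whether the menu item is available, while the privileged 'permissions' tool trusts whoever runs it. As an added example (not SGI's code and not part of the original post), here is a helper, assumed to be installed setuid root, that compares the invoking user with the file's owner itself before changing a mode. The names caller_may_chmod and checked_chmod are hypothetical.

```c
/* Added example, not SGI code; function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy: only root or the file's owner may change its mode. */
int caller_may_chmod(uid_t real_uid, const struct stat *st)
{
    return real_uid == 0 || real_uid == st->st_uid;
}

/* Returns 0 on success, -1 with errno set (EPERM when the caller is refused). */
int checked_chmod(const char *path, mode_t mode, uid_t real_uid)
{
    struct stat st;
    int rc = -1, saved;
    /* Open first, then fstat/fchmod the same descriptor, so the object
     * that was checked is the object that is changed. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) == 0) {
        if (!caller_may_chmod(real_uid, &st))
            errno = EPERM;          /* refuse inside the privileged tool */
        else
            rc = fchmod(fd, mode & 07777);
    }
    saved = errno;
    close(fd);
    errno = saved;
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3)
        return 2;                   /* usage: helper octal-mode file */
    /* getuid() is the real (invoking) user even when the binary is setuid. */
    if (checked_chmod(argv[2], (mode_t)strtoul(argv[1], NULL, 8), getuid()) != 0) {
        perror(argv[2]);
        return 1;
    }
    return 0;
}
```

With the check inside the helper, running it by hand gives the caller nothing the front end would not have allowed.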


