Bugtraq mailing list archives
how not to ship an O/S - more on Irix 5.2
From: anthony.baxter () aaii oz au (anthony baxter)
Date: Tue, 07 Mar 1995 16:21:08 +1000
Now, who can pick the dangerous habit here:

First, Irix 5.2's setmon(1G) man page:

    setmon changes the video output format to the one specified; it also
    specifies the default video format to be used at system power-up or
    graphics initialization.

    setmon should be invoked after you have acquired root privileges.

Next, setmon, as shipped:

    -r-sr-xr-x 1 root sys 117840 Mar 5 1994 /usr/gfx/setmon

If it's only meant to be run by root, why give it the setuid bit?

I'm also not going to ask why /usr/lib/addnetpr is setuid root, especially when a 'strings' on it reveals what seems to be very likely to be 'system()' or 'popen()' calls. (strings gives, in part:

    PRINTER %s -P%s

I wonder what PRINTER="foo;/bin/rm /etc/passwd" would do.)

And yes, it has its own security checks in it - but I'd feel much happier if the security checks were left to the operating system, where they belong - there's much less chance of screwing up, that way.

I was going to continue looking at the different setuid programs, but this is getting too depressing. Look, just go through the system, take the setuid bit off each program that has it, check it still works, if it does, leave it off. If it's not going to be run by users, leave it off. It's not a difficult thing to do. Wish SGI had done it before shipping.

Anthony
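The addnetpr pattern the post describes (an environment value such as PRINTER spliced into a command line that a setuid binary hands to system() or popen()) is exactly the one a privileged helper should never use. The following is an added example, not code from the post or from IRIX: it shows how such a helper can take the same value safely, by validating the name against a strict character set and then exec()ing the program with an explicit argv and a fixed environment, so no shell ever parses it. The printer name rules, the lpr path and the spool_safe/printer_name_ok names are assumptions for illustration.

```c
/* Added example, not code from the original post or from IRIX: a safer
 * way for a privileged helper to pass a user-controlled value such as
 * $PRINTER to a command, instead of building a shell command string. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Accept only 1..63 chars of [A-Za-z0-9_-], not starting with '-', so
 * the name can neither be parsed by a shell nor be taken as an option.
 * (Illustrative rule; a real helper would use the site's naming policy.) */
int printer_name_ok(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > 63 || name[0] == '-')
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)name[i]) && name[i] != '_' && name[i] != '-')
            return 0;
    return 1;
}

/* Validate, then exec the program directly with an explicit argv and a
 * fixed environment; no shell ever sees the name, so characters like ';'
 * or '|' cannot become commands. Returns the child's exit status, or -1
 * if the name is rejected (before anything is spawned) or exec fails. */
int spool_safe(const char *printer)
{
    char popt[80];
    if (!printer_name_ok(printer))
        return -1;
    snprintf(popt, sizeof popt, "-P%s", printer);
    char *argv[] = { "lpr", popt, NULL };          /* one argument, always */
    char *envp[] = { "PATH=/usr/bin:/bin", NULL }; /* caller's env is not inherited */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve("/usr/bin/lpr", argv, envp);        /* assumed path to lpr */
        _exit(127);                                /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The validation runs before fork(), so a value like the one the post quotes is refused without any process being started; whether the helper needs the setuid bit at all is the separate question the post raises.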