Bugtraq mailing list archives
Re: Large security hole in SGI IRIX 5.2
From: softtest () wu1 wl aecl ca (Software Test Account)
Date: Tue, 07 Mar 1995 09:42:08 -0600 (CST)
On Fri, 3 Mar 1995, Christian A. Ratliff wrote:
On Thu, 2 Mar 1995 14:03:03 -0500 (EST) Larry Glaze wrote:I want to give admins some time to change the priveldges on the permissions tool so I am waiting until Monday morning (when I get to work) to post the exploit of this hole.bugtraq is a FULL disclosure list. The hole comes from the authentication being at the _dirview_ (an SGI directory browser) level. You can only pull up 'permissions' when the menu item is not grayed out. If you run 'permissions' by hand, you eliminate that check and have root access to the permissions on an file. Turning the setuid/setgid bit off is a perfectly sensible solution to this problem, and it is beyond me why that wasn't the default permissions.
I attempted to verify this problem on one of our SGI IRIX 5.2 boxes and found that with or without the sgid/suid bits set and from dirview or from the command line -- the permissions routine prompts you for a name and password of a priveledged user. I didn't check to see if password attempts were logged, but permissions seems pretty secure to me. Erik ____ _____ _______ __ Erik Lindquist / _ | / ___/ / _____/ / / Systems Administrator / /_| | / /__ / / / / AECL Whiteshell Laboratories / __ | / ___/ / / / / VOICE: (204) 753-2311x3145 / / | | / /____ / /_____ / /_____ FAX: (204) 753-2455 /_/ |_| /______/ /_______/ /________/ E-mail: lindquie () wu1 wl aecl ca
Current thread:
- Re: Re[2]: snooper watchers fast forward futurama (Mar 01)
- Re: Re[2]: snooper watchers System Administrator (Mar 02)
- Large security hole in SGI IRIX 5.2 Larry Glaze (Mar 02)
- Re: Large security hole in SGI IRIX 5.2 Christian A. Ratliff (Mar 03)
- Re: Large security hole in SGI IRIX 5.2 Larry Glaze (Mar 03)
- Re: Large security hole in SGI IRIX 5.2 Dave Schweisguth (Mar 03)
- Re: Large security hole in SGI IRIX 5.2 Dave Schweisguth (Mar 03)
- Re: Large security hole in SGI IRIX 5.2 Software Test Account (Mar 07)
- Re: Large security hole in SGI IRIX 5.2 Steve Robbins (Mar 10)
- Re: Large security hole in SGI IRIX 5.2 Christian A. Ratliff (Mar 03)
- <Possible follow-ups>
- Re: Re[2]: snooper watchers F. L. Charles Seeger III (Mar 01)
- Re: snooper watchers der Mouse (Mar 01)
- Re: Re[2]: snooper watchers der Mouse (Mar 01)
- Re: Re[2]: snooper watchers whatever happened to my fighting fighting lightning lioness? (Mar 01)
- Re: Re[2]: snooper watchers System Administrator (Mar 03)