Bugtraq mailing list archives
Re: IRIX: Bug in startmidi
From: nafees () STONO CS COFC EDU (Nafees Bin Zafar)
Date: Sun, 9 Feb 1997 15:49:49 -0500
On Sun, 9 Feb 1997, David Hedley wrote:
> Whilst browsing around the filesystem on my SGI (running IRIX 5.3), I noticed a little suid-root program called 'startmidi' which hides in /usr/sbin. When run, this program creates various files in /tmp. You guessed it, it respects umask and follows symlinks. Comme ca:
>
> [ ...deletia... ]

I was not able to reproduce this phenomenon in IRIX 6.2 or IRIX 6.3. 'startmidi' creates a file in /tmp called "midififo"; however, if a file or symlink exists there already, it simply erases it. The newly created "midififo" is owned by root, and only root has any kind of permissions on it. It does not follow symlinks.

------
Nafees Bin Zafar <binzafn () musc edu> <nafees () cs cofc edu>
http://www.cs.cofc.edu/~nafees
"I think, therefore I think"
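The two behaviours described in this thread, side by side, as an added C example that is not part of the original posts and is not startmidi's actual code. The function names, the open() flags and the /tmp/symdemoXXXXXX scratch directory are assumptions made for illustration; the scenario runs entirely inside that scratch directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Models the behaviour described for IRIX 5.3 (assumed implementation):
 * open() follows a symlink at path and leaves the mode to the umask. */
static int create_naive(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    return fd < 0 ? -1 : close(fd);
}

/* Models the behaviour described for IRIX 6.2/6.3: erase what is there
 * (unlink removes the link, not its target), then mkfifo, which never
 * follows a symlink and fails with EEXIST if one is re-planted in between. */
static int create_hardened(const char *path) {
    mode_t old = umask(077);  /* do not inherit the caller's umask */
    int ok = (unlink(path) == 0 || errno == ENOENT) && mkfifo(path, 0600) == 0;
    umask(old);
    return ok ? 0 : -1;
}

static mode_t last_mode;  /* lstat() mode of the path after create() ran */

/* Constructed scenario: a symlink named "midififo" points at a 4-byte file.
 * Returns that file's size after create() has run, or -1 if setup failed. */
static long victim_size_after(int (*create)(const char *)) {
    char dir[] = "/tmp/symdemoXXXXXX", victim[64], fifo[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fifo, sizeof fifo, "%s/midififo", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("data", f); fclose(f);
    if (symlink(victim, fifo) != 0) return -1;
    create(fifo);
    last_mode = lstat(fifo, &st) == 0 ? st.st_mode : 0;
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(fifo); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("naive: %ld bytes left\n", victim_size_after(create_naive));
    printf("hardened: %ld bytes left\n", victim_size_after(create_hardened));
    return 0;
}
```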