Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1994: Re: IRIX 5.2 Security Advisory - Mystery Solved

Re: IRIX 5.2 Security Advisory - Mystery Solved

Jim Littlefield (littleragnarok.hks.com)
Wed, 10 Aug 1994 08:05:34 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Perry E. Metzger: "Re: IRIX 5.2 Security Advisory"
Previous message: Bob Vickers: "Re: IRIX 5.2 Security Advisory"
Next in thread: Martin Hargreaves: "Re: IRIX 5.2 Security Advisory - Mystery Solved"

On Aug 9,  6:10pm, Paul Walmsley wrote:
:
: Found it.

You beat me to it...but not my much.

:
: The hole is essentially caused by two oversights in the SGI Help system
: - one being X accelerators (or keyboard shortcuts), the other being
: sgihelp's use of system() to pipe printer output elsewhere.

The only time the hole can be exploited is when sgihelp is running as root.
Clogin runs as root, of course. It may be possible to do the same thing via the
"System Manager" functions, although I have not checked (yet).

-- 

Jim Littlefield  <littlehks.com>      I prefer caffeine free, clear, diet Jolt.

Next message: Perry E. Metzger: "Re: IRIX 5.2 Security Advisory"
Previous message: Bob Vickers: "Re: IRIX 5.2 Security Advisory"
Next in thread: Martin Hargreaves: "Re: IRIX 5.2 Security Advisory - Mystery Solved"