Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1994: Re: IRIX 5.2 Security Advisory - Mystery Solved

Re: IRIX 5.2 Security Advisory - Mystery Solved

Martin Hargreaves (mjh25920ggr.co.uk)
Wed, 10 Aug 1994 15:02:48 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Phil Cox: "IRIX 5.2 security problem"
Previous message: Timothy Newsham: "Re: PINGWARE"
In reply to: Jim Littlefield: "Re: IRIX 5.2 Security Advisory - Mystery Solved"

On Wed, 10 Aug 1994, Jim Littlefield wrote:
 
> The only time the hole can be exploited is when sgihelp is running as root.
> Clogin runs as root, of course. It may be possible to do the same thing via the
> "System Manager" functions, although I have not checked (yet).

	/usr/sbin/PrintStatus runs suid root, and calls sgihelp. F1 isn't 
needed you can just hit the help button.

	Martin.


 Martin Hargreaves       |  mjh25920ggr.co.uk 
 Computational Chemist   |  ch11mhsurrey.ac.uk
 Glaxo  R & D 		 |  No problem is so large that 
 & Surrey University	 |  we can't fit it in somewhere

Next message: Phil Cox: "IRIX 5.2 security problem"
Previous message: Timothy Newsham: "Re: PINGWARE"
In reply to: Jim Littlefield: "Re: IRIX 5.2 Security Advisory - Mystery Solved"