Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_1

Bugtraq archives for 1st quarter (Jan-Mar) 1995: sigh. another Irix 5.2 hole.

sigh. another Irix 5.2 hole.

anthony baxter (anthony.baxteraaii.oz.au)
Tue, 07 Mar 1995 15:26:14 +1000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mike Shaver: "Re: Re: COPS reporting unrestricted NFS exports under Linux"
Previous message: der Mouse: "Re: Re: COPS reporting unrestricted NFS exports under Linux"
Next in thread: Paul 'Shag' Walmsley: "Re: sigh. another Irix 5.2 hole."

/usr/sbin/colorview is setuid root, and takes a -text filename 
option. It reads this as root, and can read any file on the system.
And, as an added bonus, it gives you a nice little widget with a 
scrollbar on it so you can page through the file.

rah rah rah guys.

Note for all vendors: DONT MAKE THINGS SETUID UNNECESSARILY.

Oh, and SGI: the fix is _not_ to make it check "hey, I can't read
that file normally, lets prompt them for the root password" -
it's to take the setuid bit away from it. I've been told that
/usr/lib/desktop/permissions, although minus the recent bug, is still
setuid root on Irix 5.3. Wonderful.

Anthony

Next message: Mike Shaver: "Re: Re: COPS reporting unrestricted NFS exports under Linux"
Previous message: der Mouse: "Re: Re: COPS reporting unrestricted NFS exports under Linux"
Next in thread: Paul 'Shag' Walmsley: "Re: sigh. another Irix 5.2 hole."