Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
how not to ship an O/S - more on Irix 5.2anthony baxter (anthony.baxteraaii.oz.au)
Tue, 07 Mar 1995 16:21:08 +1000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Christopher Samuel: "Comments in /.rhosts (was Re: COPS reporting unrestricted NFS exports"
- Previous message: Mike Shaver: "Re: Re: COPS reporting unrestricted NFS exports under Linux"
Now, who can pick the dangerous habit here: First, Irix 5.2's setmon(1G) man page: setmon changes the video output format to the one specified; it also specifies the default video format to be used at system power-up or graphics initialization. setmon should be invoked after you have acquired root privileges. Next, setmon, as shipped: -r-sr-xr-x 1 root sys 117840 Mar 5 1994 /usr/gfx/setmon If it's only meant to be run by root, why give it the setuid bit? I'm also not going to ask why /usr/lib/addnetpr is setuid root, especially when a 'strings' on it reveals what seems to be very likely to be 'system()' or 'popen()' calls. (strings gives, in part: PRINTER %s -P%s I wonder what PRINTER="foo;/bin/rm /etc/passwd" would do) And yes, it has it's own security checks in it - but I'd feel much happier if the security checks were left to the operating system, where they belong - there's much less chance of screwing up, that way. I was going to continue looking at the different setuid programs, but this is getting too depressing. Look, just go through the system, take the setuid bit off each program that has it, check it still works, if it does, leave it off. If it's not going to be run by users, leave it off. It's not a difficult thing to do. Wish SGI had done it before shipping. Anthony