how not to ship an O/S - more on Irix 5.2
anthony baxter (anthony.baxter@aaii.oz.au), Tue, 07 Mar 1995 16:21:08 +1000
Now, who can pick the dangerous habit here:
First, Irix 5.2's setmon(1G) man page:

    setmon changes the video output format to the one specified; it also
    specifies the default video format to be used at system power-up or
    graphics initialization. setmon should be invoked after you have
    acquired root privileges.

Next, setmon, as shipped:

    -r-sr-xr-x 1 root sys 117840 Mar 5 1994 /usr/gfx/setmon

If it's only meant to be run by root, why give it the setuid bit?
I'm also not going to ask why /usr/lib/addnetpr is setuid root, especially
when a 'strings' on it reveals what seems to be very likely to be 'system()'
or 'popen()' calls.
(strings gives, in part:

    PRINTER
    %s -P%s

I wonder what PRINTER="foo;/bin/rm /etc/passwd" would do)
And yes, it has its own security checks in it - but I'd feel much
happier if the security checks were left to the operating system, where
they belong - there's much less chance of screwing up, that way.
I was going to continue looking at the different setuid programs, but
this is getting too depressing. Look, just go through the system, take
the setuid bit off each program that has it, check it still works, if it
does, leave it off. If it's not going to be run by users, leave it off.
It's not a difficult thing to do. Wish SGI had done it before shipping.
Anthony
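
The audit the message recommends can start from an inventory like the one below. This is an added example, not part of the original message: the function name audit_setuid and the SHELL flag are assumptions made here. It lists every setuid file under a directory and marks those whose printable strings include the symbol name system or popen, the pattern noticed above in /usr/lib/addnetpr.

```shell
#!/bin/sh
# audit_setuid DIR
# Print one line per setuid regular file under DIR:
#     <flag> <mode> <owner> <path>
# flag is SHELL when the file's printable strings contain the exact symbol
# name "system" or "popen" (so it probably hands a command line to a shell),
# otherwise "-". A flagged file is a candidate for review, not a verdict.
audit_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null | while IFS= read -r f; do
        # Portable stand-in for strings(1): every non-printable byte becomes
        # a newline, so NUL-separated symbol names land on lines of their own.
        if tr -c '[:print:]' '\n' < "$f" 2>/dev/null |
               grep -Eq '^(system|popen)$'; then
            flag=SHELL
        else
            flag=-
        fi
        # ls -ld fields: 1 = mode string, 3 = owner
        meta=$(ls -ld "$f" | awk '{ print $1, $3 }')
        printf '%s %s %s\n' "$flag" "$meta" "$f"
    done
}

# Stand-alone use: sh audit.sh /usr
if [ "$#" -gt 0 ]; then
    audit_setuid "$1"
fi
```

Each listed file is then handled as the message says: chmod u-s, check that it still works for the people who actually run it, and leave the bit off if it does.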