[1181] in bugtraq
Re: Large security hole in SGI IRIX 5.2
daemon@ATHENA.MIT.EDU (Dave Schweisguth)
Sat Mar 4 13:27:30 1995
From: dcs@proton.chem.yale.edu (Dave Schweisguth)
To: bugtraq@fc.net (bugtraq)
Date: Fri, 3 Mar 1995 20:00:21 -0500 (EST)
In-Reply-To: <9503031317.AA03349@indikos> from "Christian A. Ratliff" at Mar 3, 95 08:17:11 am

Christian A. Ratliff wrote:
> The [IRIX /usr/lib/desktop/permissions] hole comes from the authentication
> being at the _dirview_ (an SGI directory browser) level. You can only pull
> up 'permissions' when the menu item is not grayed out. If you run
> 'permissions' by hand, you eliminate that check and have root access to the
> permissions on a file.

That isn't true here. If I run /usr/lib/desktop/permissions by hand and try
to do something I shouldn't, it asks me for the root password. There may well
be some way to trick it, but it's not that obvious (especially since I don't
use the thing; it's the boring half of chmod). IRIX 5.3, if it matters.

Cheers,
--
| Dave Schweisguth Internet: dcs@proton.chem.yale.edu MIME spoken here |
| Yale Depts. of MB&B & Chemistry Phone: 203-432-5208 Fax: 203-432-6144 |
| For complying with the NJ Right To Know Act: Contents partially unknown. |