[1183] in bugtraq
Exploit for SGI permissions tool
daemon@ATHENA.MIT.EDU (Larry Glaze)
Mon Mar 6 09:50:55 1995
From: glaze@rclsgi.eng.ohio-state.edu (Larry Glaze)
To: bugtraq@fc.net
Date: Mon, 6 Mar 1995 08:03:42 -0500 (EST)
This is a pretty simple hole to exploit. Below are the steps involved:
1. run /usr/lib/desktop/permissions on your favorite file (/etc/passwd is a
good one)
2. modify the permissions to suit your needs
3. click on the 'Apply' button *twice* before the window pops up to ask for
root password if you don't own the file
4. click 'Cancel' button in the window asking for root password
5. you are done, the permissions changes should have gone through
Once again, this only works for SGI IRIX 5.2 and only if the tool has had the
suid and sgid bits set. Removing the suid and sgid bits solves this problem.
Larry
--
Larry Glaze | "...Life's a bummer..."
The Ohio State University | --Smashing Pumpkins
glaze.6@osu.edu |
http://rclsgi.eng.ohio-state.edu/~glaze |All opinions are my own, blah, blah...