
sigh. another Irix 5.2 hole.

daemon@ATHENA.MIT.EDU (anthony baxter)
Tue Mar 7 01:38:33 1995

To: bugtraq@fc.net
From: anthony baxter <anthony.baxter@aaii.oz.au>
Reply-To: anthony.baxter@aaii.oz.au
Date: Tue, 07 Mar 1995 15:26:14 +1000


/usr/sbin/colorview is setuid root, and takes a -text filename 
option. It reads this as root, and can read any file on the system.
And, as an added bonus, it gives you a nice little widget with a 
scrollbar on it so you can page through the file.

rah rah rah guys.

Note for all vendors: DON'T MAKE THINGS SETUID UNNECESSARILY.

Oh, and SGI: the fix is _not_ to make it check "hey, I can't read
that file normally, let's prompt them for the root password" -
it's to take the setuid bit away from it. I've been told that
/usr/lib/desktop/permissions, although minus the recent bug, is still
setuid root on Irix 5.3. Wonderful.

Anthony
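The class of bug described above is a setuid-root program that opens a user-supplied path while still holding root's effective uid, so the kernel's permission check on the file is made on root's behalf rather than the invoking user's. The following is an added illustration of the least-privilege alternative, not colorview's code and not SGI's fix: a small viewer that takes the same `-text filename` argument but permanently drops to the real uid/gid before the `open(2)`, so that an unreadable file stays unreadable. The helper names (`drop_privileges`, `open_as_invoker`, `can_read_as_invoker`) are assumptions made for this example. It runs unprivileged too, because setting uid/gid to your own ids is always permitted.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Permanently give up any setuid/setgid privilege, keeping only the
 * invoking user's real identity. Returns 0 on success, -1 on failure.
 * Group first: once the uid is no longer 0, setgid() would be refused.
 * Hypothetical helper written for this example. */
int drop_privileges(void)
{
    gid_t rgid = getgid();
    uid_t ruid = getuid();

    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;
    /* Sanity check that the drop is irreversible: for a non-root caller,
     * regaining uid 0 must now fail. */
    if (ruid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* The vulnerable pattern is simply open(path, O_RDONLY) while euid == 0.
 * Here the open happens only after privileges are gone, so the kernel
 * checks the file's mode against the real user. Returns an fd or -1. */
int open_as_invoker(const char *path)
{
    if (drop_privileges() != 0)
        return -1;
    return open(path, O_RDONLY);
}

/* 1 if the invoking user may read path, 0 otherwise (fd is closed). */
int can_read_as_invoker(const char *path)
{
    int fd = open_as_invoker(path);
    if (fd < 0)
        return 0;
    close(fd);
    return 1;
}

/* Minimal "viewer": copies the file to stdout instead of a scrollbar
 * widget. Usage: ./viewer -text filename */
int main(int argc, char **argv)
{
    char buf[4096];
    ssize_t n;
    int fd;

    if (argc != 3 || strcmp(argv[1], "-text") != 0) {
        fprintf(stderr, "usage: %s -text filename\n", argv[0]);
        return 2;
    }
    fd = open_as_invoker(argv[2]);
    if (fd < 0) {
        perror(argv[2]);   /* EACCES here is the desired outcome */
        return 1;
    }
    while ((n = read(fd, buf, sizeof buf)) > 0)
        write(STDOUT_FILENO, buf, (size_t)n);
    close(fd);
    return 0;
}
```

The point of dropping with `setuid()` rather than `seteuid()` is that the saved set-user-id is cleared as well, so no later code path (or a bug in the widget library) can swap root back in. Whether the binary needs the setuid bit at all is a separate question, and for a file viewer the answer is the one given in the post: it does not.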
