[1199] in bugtraq
Re: sigh. another Irix 5.2 hole.
daemon@ATHENA.MIT.EDU (Paul 'Shag' Walmsley)
Tue Mar 7 15:11:59 1995
Date: Tue, 7 Mar 1995 12:01:40 -0600 (CST)
From: "Paul 'Shag' Walmsley" <ccshag@cclabs.missouri.edu>
To: anthony baxter <anthony.baxter@aaii.oz.au>
Cc: bugtraq@fc.net
In-Reply-To: <199503070526.PAA06935@alamein>
On Tue, 7 Mar 1995, anthony baxter wrote:
>
> /usr/sbin/colorview is setuid root, and takes a -text filename
> option. It reads this as root, and can read any file on the system.
> And, as an added bonus, it gives you a nice little widget with a
> scrollbar on it so you can page through the file.
>
This one's about a year old - see the SGI Admin FAQ for this and lots
of other IRIX security info (finger sgi-faq@viz.tamu.edu for location
information)
- Paul "Shag" Walmsley <ccshag@cclabs.missouri.edu>
"I'll drink a toast to bold evolution any day!"