[10615] in bugtraq
Re: IRIX midikeys Vulnerability
daemon@ATHENA.MIT.EDU (acpizer)
Mon May 24 12:46:35 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.NEB.3.96.990524093707.10393B-100000@mach.unseen.org>
Date: Mon, 24 May 1999 10:11:09 +0100
Reply-To: acpizer <acpizer@MACH.UNSEEN.ORG>
From: acpizer <acpizer@MACH.UNSEEN.ORG>
To: BUGTRAQ@NETSPACE.ORG
one thing I have to say about this:
-- snip --
================
**** NOTE ****
================
Removal of the setuid permission disables functionality that
is not implemented or utilized at this time.
1) Verify midikeys(1) is installed on the system.
It is installed by default on IRIX 6.2 and higher.
Note that the program size may vary depending on IRIX release.
% ls -la /usr/sbin/midikeys
-rwsr-xr-x 1 root sys 218712 Mar 8 14:57
/usr/sbin/midikeys
-- snip --
If it is not currently unilized or implemented, why the *hell* would a
sane person leave this setuid root?
makes me wonder how many other setuid bins are floating out there that
shouldn't actually be setuid...
-------------------------------------------------------------------------------
"Probably you've only really grown up, when you can bear not being understood."
Marian Gold /Alphaville
