[3726] in bugtraq
Re: Users can modify routing in AIX 4.1
daemon@ATHENA.MIT.EDU (Troy Bollinger)
Mon Dec 2 13:47:27 1996
Date: Mon, 2 Dec 1996 10:40:01 -0600
Reply-To: Troy Bollinger <troy@austin.ibm.com>
From: Troy Bollinger <troy@austin.ibm.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.A32.3.95.961202094539.36480B-100000@haddock.saa-cons.co.uk>
from "Dave Roberts" at Dec 2, 96 09:55:06 am
AIX 4.1 route permissions were fixed by APAR IX54674.
You can also manually change the permissions:
# chmod 4554 /usr/sbin/route
AIX 3.2.5 and 4.2 have the correct permissions.
Thanks,
Troy
Dave Roberts wrote:
>
> The foundations of this originally came from Marcio d'Avila Scheibler
> <marcio@CPD.UFSM.BR> on the AIX-L mailing list.
>
> In AIX 4.1, the permissions on /usr/sbin/route are 4555. This means that
> anyone with local access on the machine can modify the routing tables, to
> do whatever they want.
>
> Obviously fixing it simply requires the removal of execute permission for
> other, and possibly group if you want it.
>
> Version 3.2.5 have the permissions at 4554, which is more acceptable.
>
> Hopefully IBM will change the permissions back when the release the next
> version.
>
> --
> Dave Roberts For PGP Key - send mail with subject of 'get pgp':-
> Senior Unix Admin < 51 4B 6A 35 3F C4 B6 3D 13 88 0C B2 48 61 51 1C >
> SAA Consultants Ltd Std disclaimer applies, it's nothing to do with them
> Plymouth, UK. Tel: +44 1752 606000 Fax: +44 1752 606838
>
--
+---------------- I do not speak for IBM! ------------------+
|Troy Bollinger | email: troy@austin.ibm.com|
|AIX Security Development | Sometimes the old ways are best.|
+------- AIX security bugs: security@austin.ibm.com --------+
