[3752] in bugtraq
Re: Irix: suid_exec hole
daemon@ATHENA.MIT.EDU (Kari E. Hurtta)
Thu Dec 5 17:26:08 1996
Date: Fri, 6 Dec 1996 00:17:38 +0200
Reply-To: "Kari E. Hurtta" <Kari.Hurtta@ozone.fmi.fi>
From: "Kari E. Hurtta" <Kari.Hurtta@ozone.fmi.fi>
X-To: volobuev@t1.chem.umn.edu
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.A41.3.95.961202193419.32684C-100000@t1.chem.umn.edu> from
Yuri Volobuev at "Dec 2, 96 08:25:58 pm"
Yuri Volobuev:
> Yes, one more Irix root vulnerability, and yes, it's another suid program.
>
> ABSTRACT
>
> /sbin/suid_exec is owned by root and suid. I don't know what it's supposed
> to do, but it can be easily exploited by any local user to get root
> priorities. Exploit works on both 5.3 and 6.2 machines, it's part of
> eoe.sw.unix and thus is installed on each and every machine.
>
> FIX:
>
> chmod -s /sbin/suid_exec

Seems that /sbin/suid_exec is part of ksh. At least it is mentioned
in the manual page of ksh:

FILES
     /etc/passwd
     /etc/profile
     /etc/suid_profile
     $HOME/.profile
     /tmp/sh*
     /dev/null