Bugtraq mailing list archives

Re: IRIX 5.2 Security Advisory


From: mengel () dcdmwm fnal gov (Marc W. Mengel)
Date: Tue, 09 Aug 94 16:19:01 -0600


In <94Aug9.094422edt.11795 () cannon ecf toronto edu>  you write:

    I am cc'ing this update to several mailing lists the advisory has been
    forwarded to since last week.

    Steve Kotsopoulos <steve () ecf toronto edu> wrote:
    >I'm not sure what the vulnerability is, since the sgihelp.books.ViewerHelp
    >system doesn't seem to contain anything but data files with normal
    >permissions (no setuid programs).
    >
    >How can the removal of this subsystem affect security?
    >Was there a typo in the advisory, perhaps?

Lots of the setuid GUI admin programs lurking around the system invoke
it to provide help.  It has a print menu with a "pipe to command" option.

'nuff said.

Marc
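
A defensive counterpart to the reply above, as an added example that is not part of the original message or of any IRIX code: a set-uid program gives up its privilege in the child before starting a helper such as a help viewer, so anything the helper lets the user run executes as the invoking user. The function names, the cleaned PATH and the POSIX set-id semantics are assumptions of this example.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Discard set-uid/set-gid privilege; assumes it is still effective when
 * called. Returns 0 on success, -1 if the drop failed or is reversible. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    /* Group first: after the uid is dropped we may not be allowed to. */
    if (egid != rgid && setgid(rgid) != 0)
        return -1;
    if (euid != ruid && setuid(ruid) != 0)
        return -1;
    /* Fail closed if the old ids can be taken back (e.g. a non-root
     * set-uid binary whose saved id survives setuid()). */
    if (egid != rgid && setgid(egid) == 0)
        return -1;
    if (euid != ruid && setuid(euid) == 0)
        return -1;
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* Run a helper as the invoking user with a minimal environment.
 * argv[0] must be an absolute path. Returns the helper's exit status,
 * or -1 on error. */
int run_helper_unprivileged(char *const argv[])
{
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges() != 0)
            _exit(126);           /* never exec with privilege intact */
        execve(argv[0], argv, clean_env);
        _exit(127);               /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```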


