Bugtraq mailing list archives
Re: IRIX 5.2 Security Advisory
From: mengel () dcdmwm fnal gov (Marc W. Mengel)
Date: Tue, 09 Aug 94 16:19:01 -0600
In <94Aug9.094422edt.11795 () cannon ecf toronto edu> you write: I am cc'ing this update to several mailing lists the advisory has been forwarded to since last week. Steve Kotsopoulos <steve () ecf toronto edu> wrote: >I'm not sure what the vulnerability is, since the sgihelp.books.ViewerHelp >system doesn't seem to contain anything but data files with normal >permissions (no setuid programs). > >How can the removal of this subsystem affect security? >Was there a typo in the advisory, perhaps? Lots of the setuid GUI admin programs lurking around the system invoke it to provide help. It has a print menu with a "pipe to command" option. 'nuff said. Marc
Current thread:
- IRIX 5.2 Security Advisory Steve Kotsopoulos (Aug 09)
- Re: IRIX 5.2 Security Advisory Dave Sill (Aug 09)
- Re: IRIX 5.2 Security Advisory max () gac edu (Aug 09)
- Re: IRIX 5.2 Security Advisory Marc W. Mengel (Aug 09)
- <Possible follow-ups>
- Re: IRIX 5.2 Security Advisory Jim Littlefield (Aug 09)
- Re: IRIX 5.2 Security Advisory Karyn Pichnarczyk (Aug 09)
- Re: IRIX 5.2 Security Advisory Perry E. Metzger (Aug 10)
- Re: IRIX 5.2 Security Advisory Bob Vickers (Aug 10)