Bugtraq mailing list archives

Re: HP-UX Problem...

From: andrewh () cs hmc edu (Andrew Hughes)
Date: Mon, 20 Feb 1995 13:29:32 -0800 (PST)


Did HP ever fix the diagnostic program that was SUID root, and
would read any file as a directive file? I found it amusing to
run this, and have it report "blah is unrecognized" for each line,
where "blah" is the contents of each line, one at a time, of any
system file, regardless of ownership and mode ;-) I told the HP
rep that came in to do some performance tuning for us, but I
don't know what he did or did not do about it.

Assuming you're talking about sysdiag with the "usefile" command, it seems
to have been fixed as of DUI Version A.02.24, if not before (I'm just going
by the version info it prints out when run).  You get a SECURITY VIOLATION
error message or some such if you try to look at afile you shouldn't.  :-)

                                AndrewH

Current thread:

mail.local.c patch Jon Peatfield (Feb 18)
- MAILING REQUEST Anonymous the XXIIV (Feb 18)
- Re: mail.local.c patch Neil Woods (Feb 18)
  - Re: mail.local.c patch Christopher Samuel (Feb 20)
- HP-UX Problem... Mr Martin J Hargreaves (Feb 19)
  - Re: HP-UX Problem... Aaron Sherman (Feb 20)
    - Re: HP-UX Problem... Andrew Hughes (Feb 20)
    - Bugtraq mailing list William B. Chmura (Feb 21)
    - fcntl() file locking under Solaris 2.4 Jas (Feb 21)
    - Re: fcntl() file locking under Solaris 2.4 Jas (Feb 22)
    - snooper watchers Ben Taylor (Feb 22)
    - Re: snooper watchers Eric Conrad (Feb 22)
    - Re: snooper watchers Ben Taylor (Feb 22)
    - CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Paul 'Shag' Walmsley (Feb 22)
    - Re: CERT Advisory CA-95:05.sendmail.vulnerabilities (fwd) Dave Schweisguth (Feb 23)
    - Sendmail 8.6.9 security hole Igor V. Semenyuk (Feb 22)
    - Re: Sendmail 8.6.9 security hole Christopher Samuel (Feb 23)

(Thread continues...)