Bugtraq mailing list archives

Semaphores/Setuid root... problem?

From: pwh () bradley bradley edu (Pete Hartman)
Date: Thu, 9 Feb 95 16:15:28 -0600


I just discovered that an engineering package I've installed
relies on a product called "interbase" that, in addition to
being stupidly unable to run correctly from/on NFS filesystems,
seems to require setuid root/setgid bin programs that manage software
via semaphores.

This seems a ridiculous requirement--are root/bin privs *really*
necessary to use semaphores under SunOS 4.1.3?

More importantly, does anyone know of any way to subvert semaphores
themselves when running as root?  It's unclear looking at this software so
far whether it honors any command line arguments, but from preliminary
tracing, I'm inclined to think not (but I have a request in to the vedor
to verify both the necessity of setuid and the operation of the
programs).

If this is an inappropriate question for this list, I'd appreciate 
if the moderator would let me know rather than simply dropping me.
It seems relevant to me, and if it isn't perhaps some more specific 
guideliness would be in order....

Current thread:

Re: Request for discussion., (continued)
- - Re: Request for discussion. Aleph One (Feb 07)
  - Re: Request for discussion. Julian Assange (Feb 08)
    - Re: Request for discussion. Casper Dik (Feb 08)
    - Re: Request for discussion. Karl Strickland (Feb 08)
    - Re: Request for discussion. Casper Dik (Feb 08)
    - Sniffer FAQ Christopher Klaus (May 27)
    - Security FAQes Update Christopher Klaus (May 27)
    - Re: Request for discussion. Silicon Avatar (Feb 09)
    - X authentication Timothy Newsham (Feb 09)
    - Re: X authentication Stephen Gildea (Feb 10)
    - Semaphores/Setuid root... problem? Pete Hartman (Feb 09)
- Re: Request for discussion. Bengt Gorden (Feb 08)
- Re: Request for discussion. Joerg Czeranski (Feb 08)