Bugtraq mailing list archives
Re: Large security hole in SGI IRIX 5.2
From: glaze () rclsgi eng ohio-state edu (Larry Glaze)
Date: Fri, 3 Mar 1995 08:46:06 -0500 (EST)
bugtraq is a FULL disclosure list.
Yeah, and I believe in full disclosure but not AS SOON AS the hole is discovered. If there is an easy fix then I think people should have at least a couple of days to fix it. Besides, it is my perogative whether or not I want to even give an exploit or not. (yeah, I know, discuss this stuff on the other mailing list...) Enough of that subject.
The hole comes from the authentication being at the _dirview_ (an SGI directory browser) level. You can only pull up 'permissions' when the menu item is not grayed out. If you run 'permissions' by hand, you eliminate that check and have root access to the permissions on an file. Turning the setuid/setgid bit off is a perfectly sensible solution to this problem, and it is beyond me why that wasn't the default permissions.
I didn't have time to figure out -where- the problem is coming from, just that it existed. Besides, all those people who think they know exactly how to exploit the hole well...I haven't seen anyone give the exact way to do it (what happened to full disclosure? Hmm...) and the couple I have seen do not work. I could pull up the 'permissions' menu on *any* file or directory on our system. Also, running it by hand doesn't give you any more or less priveledges than what you have by running it through the menu. And if another hole like this exists (as someone mentioned in another message) then why the hell hasn't anyone been notified about it! Sheesh, so much for *any* disclosure! Larry -- Larry Glaze | "...Life's a bummer..." The Ohio State University | --Smashing Pumpkins glaze.6 () osu edu | http://rclsgi.eng.ohio-state.edu/~glaze |All opinions are my own, blah, blah...
Current thread:
- Re: Re[2]: snooper watchers fast forward futurama (Mar 01)
- Re: Re[2]: snooper watchers System Administrator (Mar 02)
- Large security hole in SGI IRIX 5.2 Larry Glaze (Mar 02)
- Re: Large security hole in SGI IRIX 5.2 Christian A. Ratliff (Mar 03)
- Re: Large security hole in SGI IRIX 5.2 Larry Glaze (Mar 03)
- Re: Large security hole in SGI IRIX 5.2 Dave Schweisguth (Mar 03)
- Re: Large security hole in SGI IRIX 5.2 Dave Schweisguth (Mar 03)
- Re: Large security hole in SGI IRIX 5.2 Software Test Account (Mar 07)
- Re: Large security hole in SGI IRIX 5.2 Steve Robbins (Mar 10)
- Re: Large security hole in SGI IRIX 5.2 Christian A. Ratliff (Mar 03)
- <Possible follow-ups>
- Re: Re[2]: snooper watchers F. L. Charles Seeger III (Mar 01)
- Re: snooper watchers der Mouse (Mar 01)
- Re: Re[2]: snooper watchers der Mouse (Mar 01)
- Re: Re[2]: snooper watchers whatever happened to my fighting fighting lightning lioness? (Mar 01)
- Re: Re[2]: snooper watchers System Administrator (Mar 03)