Bugtraq mailing list archives

Re: Large security hole in SGI IRIX 5.2


From: dcs () proton chem yale edu (Dave Schweisguth)
Date: Fri, 3 Mar 1995 20:00:21 -0500 (EST)


Christian A. Ratliff wrote:
> The [IRIX /usr/lib/desktop/permissions] hole comes from the authentication
> being at the _dirview_ (an SGI directory browser) level. You can only pull
> up 'permissions' when the menu item is not grayed out. If you run
> 'permissions' by hand, you eliminate that check and have root access to the
> permissions on any file.

That isn't true here. If I run /usr/lib/desktop/permissions by hand and try
to do something I shouldn't, it asks me for the root password. There may well
be some way to trick it, but it's not that obvious (especially since I don't
use the thing; it's the boring half of chmod). IRIX 5.3, if it matters.

Cheers,

-- 
| Dave Schweisguth    Internet: dcs () proton chem yale edu   MIME spoken here |
| Yale Depts. of MB&B & Chemistry   Phone: 203-432-5208   Fax: 203-432-6144 |
| For complying with the NJ Right To Know Act:  Contents partially unknown. |


