Bugtraq mailing list archives
Re: Exploit for SGI permissions tool
From: hoffmann () drao nrc ca (Tony Hoffmann)
Date: Mon, 6 Mar 1995 15:34:47 -0800 (PST)
This is a pretty simple hole to exploit. Below are the steps involved: 1. run /usr/lib/desktop/permissions on your favorite file (/etc/passwd is a good one) 2. modify the permissions to suit your needs 3. click on the 'Apply' button *twice* before the window pops up to ask for root password if you don't own the file 4. click 'Cancel' button in the window asking for root password 5. you are done, the permissions changes should have gone through Once again, this only works for SGI IRIX 5.2 and only if the tool has had the suid and sgid bits set. Removing the suid and sgid bits solves this problem.
This also worked just fine on our Power Indigo2 running IRIX 6.0.1. Needless to say, I've removed suid sgid permission on the utility. -- Tony Hoffmann Internet: hoffmann () drao nrc ca Snailnet: Dominion Radio Astrophysical Observatory P.O. Box 248, Penticton, BC, Canada V2A 6K3 BC Tel net: (604) 493-2277 Faxnet : (604) 493-7767 voicemailnet: (604) 490-4344 Localnet : ext 344
Current thread:
- Re: Sendmail fixkit John F. Haugh II (Mar 04)
- Re: Sendmail fixkit Dave Horsfall (Mar 05)
- Re: Sendmail fixkit System Administrator (Mar 06)
- Exploit for SGI permissions tool Larry Glaze (Mar 06)
- Re: Exploit for SGI permissions tool Tony Hoffmann (Mar 06)
- no subject (file transmission) Dr. Frederick B. Cohen (Mar 06)
- <Possible follow-ups>
- Re: Sendmail fixkit der Mouse (Mar 07)
- Re: Sendmail fixkit Dave Horsfall (Mar 05)