Bugtraq mailing list archives

sigh. another Irix 5.2 hole.

From: anthony.baxter () aaii oz au (anthony baxter)
Date: Tue, 07 Mar 1995 15:26:14 +1000


/usr/sbin/colorview is setuid root, and takes a -text filename 
option. It reads this as root, and can read any file on the system.
And, as an added bonus, it gives you a nice little widget with a 
scrollbar on it so you can page through the file.

rah rah rah guys.

Note for all vendors: DONT MAKE THINGS SETUID UNNECESSARILY.

Oh, and SGI: the fix is _not_ to make it check "hey, I can't read
that file normally, lets prompt them for the root password" -
it's to take the setuid bit away from it. I've been told that
/usr/lib/desktop/permissions, although minus the recent bug, is still
setuid root on Irix 5.3. Wonderful.

Anthony

Current thread:

sigh. another Irix 5.2 hole. anthony baxter (Mar 06)
- Re: sigh. another Irix 5.2 hole. Paul 'Shag' Walmsley (Mar 07)
- Re: sigh. another Irix 5.2 hole. Norman P. B. Joseph (Mar 07)
  - Request for subscription into the list Dayakar Veerlapati (Mar 07)
  - Request for subscription into the list -=Where Eagles Dare=- (Mar 07)
  - STROBE v1.01 Super Optimised TCP port surveyor Julian Assange (Mar 08)
    - Re: STROBE v1.01 Super Optimised TCP port surveyor Mr Martin J Hargreaves (Mar 12)
    - Re: STROBE v1.01 Super Optimised TCP port surveyor Julian Assange (Mar 12)
    - Re: STROBE v1.01 Super Optimised TCP port surveyor John Studarus (Mar 12)
    - Re: STROBE v1.01 Super Optimised TCP port surveyor Rodney Campbell (Mar 12)
    - Re: STROBE v1.01 Super Optimised TCP port surveyor Scott D. Yelich (Mar 13)

(Thread continues...)