Bugtraq mailing list archives
sigh. another Irix 5.2 hole.
From: anthony.baxter () aaii oz au (anthony baxter)
Date: Tue, 07 Mar 1995 15:26:14 +1000
/usr/sbin/colorview is setuid root, and takes a -text filename option. It reads this as root, and can read any file on the system. And, as an added bonus, it gives you a nice little widget with a scrollbar on it so you can page through the file. rah rah rah guys.

Note for all vendors: DON'T MAKE THINGS SETUID UNNECESSARILY.

Oh, and SGI: the fix is _not_ to make it check "hey, I can't read that file normally, let's prompt them for the root password" - it's to take the setuid bit away from it.

I've been told that /usr/lib/desktop/permissions, although minus the recent bug, is still setuid root on Irix 5.3. Wonderful.

Anthony
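The remediation Anthony describes (take the setuid bit away rather than patch the program) generalises to auditing a whole system for setuid executables that have no business holding the bit. The script below is an added example, not code from the original post or from SGI; the allow-list of programs that legitimately keep setuid (passwd, su, login) is an assumption for illustration and should be tuned to the system being audited.

```sh
#!/bin/sh
# Added example (not from the original post): audit a filesystem tree for
# setuid executables and strip the bit from any not on an allow-list.
# The allow-list passed to strip_unlisted_setuid is an assumption.

# Print regular files under $1 whose setuid bit (04000) is set.
find_setuid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Same, restricted to files owned by root: the dangerous case, since the
# program then runs as uid 0 no matter who invokes it.
find_setuid_root() {
    find "$1" -xdev -type f -user root -perm -4000 2>/dev/null | sort
}

# Exit 0 if $1 is setuid, 1 otherwise. The owner-execute column of ls -l
# shows 's' (or 'S' when the execute bit is unset) when setuid is on.
is_setuid() {
    case "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" in
        ???[sS]*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Strip the setuid bit from every file found under $1 whose basename is
# not in the space-separated allow-list $2. Prints what it changed.
strip_unlisted_setuid() {
    dir=$1
    allow=" $2 "
    find_setuid "$dir" | while IFS= read -r f; do
        base=$(basename "$f")
        case "$allow" in
            *" $base "*) ;;                 # legitimately setuid, leave it
            *) chmod u-s "$f" && echo "stripped setuid: $f" ;;
        esac
    done
}

# Example run against the root filesystem. Listing works as any user for
# readable directories; stripping bits on system binaries requires root.
#   find_setuid_root /
#   strip_unlisted_setuid / "passwd su login"
```

Listing first and stripping second is deliberate: review the find_setuid_root output before trusting the allow-list, since a program like the colorview above looks harmless in a listing and only the fact that it takes a user-supplied filename makes the bit dangerous.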