Re: IRIX: Bug in startmidi

[sma () NAS NASA GOV (Steve M. Acheson)]

> > > Whilst browsing around the filesystem on my SGI (running IRIX 5.3), I
> > > noticed a little suid-root program called 'startmidi' which hides in
> > > /usr/sbin. When run, this program creates various files in /tmp. You
> > > guessed it, it respects umask and follows symlinks. Comme ca:

[ example ...]

> > eh... that's strange.  I was looking at startmidi a while back, but didn't
> > find any root holes.  Now I look again, still nothing.  Indeed, on my 5.3
>
> umm..I can successfully create file owned by root..
>
> > You must have some special configuration, I recon.  On the box I was testing
>
> I don't think it's special to his machine, I've got the same behaviour
> as described (though stopmidi can't remove the file already in /tmp).

All of my systems, 5.3/6.2/6.3 are immune to this problem.  We also have all
of the security patches installed.

Something I did notice, is that when it creates the socket in /tmp/midififo,
it properly deals with user perms, and doens't follow symlinks, but it doesn't
reset the group of the fifo.  It left it as my primary group.

While the permissons of it are 600 it isn't a big concern, but it probably
would be better as group root.

Just my paranoia...

Satch
--
================================================================
Steve Acheson                                   sma () nas nasa gov
Numerical Aerospace Simulation Facility         415-604-4495
NASA Ames - MS 258-6
Moffett Field, Ca 94035-1000