Full Disclosure mailing list archives

Re: AIX 4.3.3 has make sgid 0?

From: Sullivan.Danielj () epamail epa gov
Date: Tue, 23 Mar 2004 12:35:11 -0500

The "make" to worry about appears to be the one in /usr/local/bin, not 
/usr/ccs/bin.  See the sample exploit script at the usual spot.

The problem appears to be with GNU's make, which is installed setgid (by 
default) on AIX so as to enable the "-l load" option.  This option is used 
to throttle the number of jobs created by "make" as the system load 
increases (especially during parallel makes).

I haven't checked whether /usr/local/bin/make is part of some supplemental 
AIX package, or just happens to be on those systems where the admin 
installed GNU make.

Current thread:

AIX 4.3.3 has make sgid 0? BoneMachine (Mar 22)
- Re: AIX 4.3.3 has make sgid 0? Valdis . Kletnieks (Mar 22)
- Re: AIX 4.3.3 has make sgid 0? Darren Tucker (Mar 23)
  - Re: AIX 4.3.3 has make sgid 0? Sullivan . Danielj (Mar 23)