Full Disclosure mailing list archives
Re: AIX 4.3.3 has make sgid 0?
From: Sullivan.Danielj () epamail epa gov
Date: Tue, 23 Mar 2004 12:35:11 -0500
The "make" to worry about appears to be the one in /usr/local/bin, not /usr/ccs/bin. See the sample exploit script at the usual spot. The problem appears to be with GNU's make, which is installed setgid (by default) on AIX so as to enable the "-l load" option. This option is used to throttle the number of jobs created by "make" as the system load increases (especially during parallel makes). I haven't checked whether /usr/local/bin/make is part of some supplemental AIX package, or just happens to be on those systems where the admin installed GNU make.
Current thread:
- AIX 4.3.3 has make sgid 0? BoneMachine (Mar 22)
- Re: AIX 4.3.3 has make sgid 0? Valdis . Kletnieks (Mar 22)
- Re: AIX 4.3.3 has make sgid 0? Darren Tucker (Mar 23)
- Re: AIX 4.3.3 has make sgid 0? Sullivan . Danielj (Mar 23)