Full Disclosure mailing list archives
AIX 4.3.3 has make sgid 0?
From: BoneMachine <bonemach () sdf lonestar org>
Date: Mon, 22 Mar 2004 15:16:15 GMT
Hello I was browsing the SecurityFocus vulnerability database and found the following: http://www.securityfocus.com/bid/9903 "Because the make utility is reported to run with setGID root privileges, a local attacker may potentially exploit this condition to gain access to the root group" Is this true ? I cannot believe that IBM has an setGID root-bit on the make utillity. This goes against all security practices I've ever heard. Are there people that have more info on this vulnerability or is this a hoax? greetings Bone Machine --- "I'm the king of airodynamics" - The Pixies --- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AIX 4.3.3 has make sgid 0? BoneMachine (Mar 22)
- Re: AIX 4.3.3 has make sgid 0? Valdis . Kletnieks (Mar 22)
- Re: AIX 4.3.3 has make sgid 0? Darren Tucker (Mar 23)
- Re: AIX 4.3.3 has make sgid 0? Sullivan . Danielj (Mar 23)