Bugtraq mailing list archives

sgihelp vulnerability


From: max () gac edu (max () gac edu)
Date: Tue, 9 Aug 94 21:22:59 -0500


Although the wrapper program I posted earlier still seems sufficient
to prevent people from trivially becoming root, it has been brought to
my attention that under some circumstances one normal user can still
become another normal user.  Although less severe, this is still a
significant security concern.  Therefore, ***I don't recommend the use
of my wrapper program.*** Instead, as a matter of prudence, I would
suggest turning off sgihelp entirely until a better solution is found.
This can be done by renaming /usr/sbin/sgihelp to something else, or
for the 'versions' happy, doing 
 versions remove sgihelp.sw.eoe

Note that this is my own personal opinion only.  To my knowledge, SGI
has not officially superseded their original suggestion of just
removing sgihelp.books.ViewerHelp.  However, my judgement is that it
would be considerably more prudent to remove sgihelp.sw.eoe.


