Bugtraq mailing list archives
sgihelp vulnerability
From: max () gac edu (max () gac edu)
Date: Tue, 9 Aug 94 21:22:59 -0500
Although the wrapper program I posted earlier still seems sufficient to prevent people from trivially becoming root, it has been brought to my attention that under some circumstances one normal user can still become another normal user. Although less severe, this is still a significant secruity concern. Therefore, ***I don't recommend the use of my wrapper program.**** Instead, as a matter of prudence, I would suggest turning off sgihelp entirely until a better solution is found. This can be done by renaming /usr/sbin/sgihelp to something else, or for the 'versions' happy, doing versions remove sgihelp.sw.eoe Note that this is my own personal opinion only. To my knowledge, SGI has not officially superceded their original suggestion of just removing sgihelp.books.ViewerHelp. However, my judgement is that it would be considerably more prudent to remove sgihelp.sw.eoe.
Current thread:
- sgihelp vulnerability max () gac edu (Aug 09)