Bugtraq mailing list archives
Exploit for SGI permissions tool
From: glaze () rclsgi eng ohio-state edu (Larry Glaze)
Date: Mon, 6 Mar 1995 08:03:42 -0500 (EST)
This is a pretty simple hole to exploit. Below are the steps involved:
1. run /usr/lib/desktop/permissions on your favorite file (/etc/passwd is a
good one)
2. modify the permissions to suit your needs
3. click on the 'Apply' button *twice* before the window pops up to ask for
root password if you don't own the file
4. click 'Cancel' button in the window asking for root password
5. you are done, the permissions changes should have gone through
Once again, this only works for SGI IRIX 5.2 and only if the tool has had the
suid and sgid bits set. Removing the suid and sgid bits solves this problem.
Larry
--
Larry Glaze | "...Life's a bummer..."
The Ohio State University | --Smashing Pumpkins
glaze.6 () osu edu |
http://rclsgi.eng.ohio-state.edu/~glaze |All opinions are my own, blah, blah...
Current thread:
- Re: Sendmail fixkit John F. Haugh II (Mar 04)
- Re: Sendmail fixkit Dave Horsfall (Mar 05)
- Re: Sendmail fixkit System Administrator (Mar 06)
- Exploit for SGI permissions tool Larry Glaze (Mar 06)
- Re: Exploit for SGI permissions tool Tony Hoffmann (Mar 06)
- no subject (file transmission) Dr. Frederick B. Cohen (Mar 06)
- <Possible follow-ups>
- Re: Sendmail fixkit der Mouse (Mar 07)
- Re: Sendmail fixkit Dave Horsfall (Mar 05)