Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Users can modify routing in AIX 4.1

From: troy () austin ibm com (Troy Bollinger)
Date: Mon, 2 Dec 1996 10:40:01 -0600

AIX 4.1 route permissions were fixed by APAR IX54674.
You can also manually change the permissions:

# chmod 4554 /usr/sbin/route

AIX 3.2.5 and 4.2 have the correct permissions.

Thanks,
Troy

Dave Roberts wrote:


The foundations of this originally came from Marcio d'Avila Scheibler
<marcio () CPD UFSM BR> on the AIX-L mailing list.

In AIX 4.1, the permissions on /usr/sbin/route are 4555.  This means that
anyone with local access on the machine can modify the routing tables, to
do whatever they want.

Obviously fixing it simply requires the removal of execute permission for
other, and possibly group if you want it.

Version 3.2.5 have the permissions at 4554, which is more acceptable.

Hopefully IBM will change the permissions back when the release the next
version.

--
Dave Roberts          For PGP Key - send mail with subject of 'get pgp':-
Senior Unix Admin     < 51 4B 6A 35 3F C4 B6 3D  13 88 0C B2 48 61 51 1C >
SAA Consultants Ltd   Std disclaimer applies, it's nothing to do with them
Plymouth, UK.         Tel: +44 1752 606000   Fax: +44 1752 606838




--
+----------------  I do not speak for IBM!  ------------------+
|Troy Bollinger             |      email:  troy () austin ibm com|
|AIX Security Development   | Sometimes the old ways are best.|
+-------  AIX security bugs: security () austin ibm com  --------+
Previous By Date Next
Previous By Thread Next

Current thread: