Re: IRIX 5.2 Security Advisory

Marc W. Mengel (mengel@dcdmwm.fnal.gov)
Tue, 09 Aug 94 16:19:01 -0600

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Karyn Pichnarczyk: "Re: IRIX 5.2 Security Advisory"
Previous message: Jim Littlefield: "Re: IRIX 5.2 Security Advisory"
In reply to: Steve Kotsopoulos: "IRIX 5.2 Security Advisory"
Next in thread: Karyn Pichnarczyk: "Re: IRIX 5.2 Security Advisory"

In <94Aug9.094422edt.11795@cannon.ecf.toronto.edu>  you write:

    I am cc'ing this update to several mailing lists the advisory has been
    forwarded to since last week.

    Steve Kotsopoulos <steve@ecf.toronto.edu> wrote:
    >I'm not sure what the vulnerability is, since the sgihelp.books.ViewerHelp
    >system doesn't seem to contain anything but data files with normal
    >permissions (no setuid programs).
    >
    >How can the removal of this subsystem affect security?
    >Was there a typo in the advisory, perhaps?

Lots of the setuid GUI admin programs lurking around the system invoke
it to provide help.  It has a print menu with a "pipe to command" option.

'nuff said.

Marc

Next message: Karyn Pichnarczyk: "Re: IRIX 5.2 Security Advisory"
Previous message: Jim Littlefield: "Re: IRIX 5.2 Security Advisory"
In reply to: Steve Kotsopoulos: "IRIX 5.2 Security Advisory"
Next in thread: Karyn Pichnarczyk: "Re: IRIX 5.2 Security Advisory"