COMMAND

xfsdump insecure file creation

SYSTEMS AFFECTED

IRIX versions prior to 6.5.20 (6.5.20 is immune)

PROBLEM

In SGI Security Advisory 20030404-01-P:

It's been reported that xfsdump creates quota information files insecurely, possibly leading to a root exploit by a local user.

See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0173

SGI has investigated the issue and recommends the following steps for neutralizing the exposure. It is HIGHLY RECOMMENDED that these measures be implemented on ALL vulnerable SGI systems.

These issues have been corrected with patches and in future releases of IRIX.

SOLUTION

There is no effective workaround available for these problems if you need to use xfsdump on xfs filesystems with quotas. SGI recommends either upgrading to IRIX 6.5.20 (when available), or installing the appropriate patch available from vendor.