
Silicon Graphics Mail security problem

        _____________________________________________________

              The Computer Incident Advisory Capability

                         ___  __ __    _     ___
                        /       |     / \   /
                        \___  __|__  /___\  \___

        _____________________________________________________

                        Informational Bulletin


            UNIX Security Problem with Silicon Graphics Mail


October 12, 1990, 0800 PST                                  Number B-2

CIAC has learned of a security problem with the Berkeley Mailer
supplied by Silicon Graphics.  The program /usr/sbin/Mail on IRIX 3.3
and later releases is installed with the setgid bit set.  Because the
program then runs with the privileges of its group (mail), any user can
read any mail on the system, including mail to root.

To determine if your system has this problem you should execute:

    ls -l /usr/sbin/Mail

A line similar to the following should be displayed:

    -rwxr-sr-x   1 bin      mail      172080 Jun  7  15:05 /usr/sbin/Mail

Look at the permission bits.  If you see "-rwxr-sr-x" (the "s" in the
group-execute position is the setgid bit), then the problem exists on
your system.

There are several potential solutions for this problem.

Alternative 1 - Workaround

    Execute the following command as root:

      chmod 755 /usr/sbin/Mail

    Then after doing an ls -l you should see:

      -rwxr-xr-x   1 bin      mail      172080 Jun  7  15:05 /usr/sbin/Mail

This workaround has one known side effect.  The Mail program can no
longer remove the user's mail file from /usr/mail when all messages
have been deleted.  Instead, it leaves a zero length file.

If you choose this solution, please be aware that the fixed binary will
be available in the next release of IRIX (3.3.2, currently scheduled
for November, 1990).
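The permission check above and the chmod workaround of Alternative 1 can be scripted so that they are repeatable across a fleet of machines.  The following is an added example, not part of the CIAC bulletin or of any SGI-supplied tool; the function names (mode_has_setgid, file_has_setgid, check_owner_group, check_mail_binary, clear_setgid) are assumed names chosen here.  It uses only POSIX sh, ls, awk and chmod, so it should run unchanged on an IRIX 3.3 system as well as on a modern UNIX.

```shell
#!/bin/sh
# Added example (not part of the CIAC bulletin): audit helpers for the
# setgid check and the chmod 755 workaround described in the advisory.
# Portable POSIX sh; depends only on ls, awk and chmod.

# mode_has_setgid MODESTRING
# Takes the mode field printed by `ls -l` (e.g. "-rwxr-sr-x") and returns
# 0 when the setgid bit is set, 1 otherwise.  The seventh character is the
# group-execute slot: 's' means setgid plus execute, 'S' setgid without
# execute.  A trailing '+' or '.' (ACL/label markers on newer systems) is
# tolerated by the pattern.
mode_has_setgid() {
    case "$1" in
        ??????[sS]???*) return 0 ;;
        *)              return 1 ;;
    esac
}

# file_has_setgid PATH
# Live check of a file on disk: returns 0 if PATH is setgid, 1 if it is
# not, 2 if PATH does not exist.
file_has_setgid() {
    [ -e "$1" ] || return 2
    mode_has_setgid "$(ls -ld "$1" | awk '{print $1}')"
}

# check_owner_group PATH OWNER GROUP
# Returns 0 when `ls -l` shows PATH owned by OWNER and GROUP.  Useful after
# installing a replacement binary: the bulletin expects owner bin, group
# mail for /usr/sbin/Mail.
check_owner_group() {
    og=$(ls -ld "$1" | awk '{print $3, $4}')
    [ "$og" = "$2 $3" ]
}

# check_mail_binary [PATH]
# Reports the state of the Mail binary (default /usr/sbin/Mail).
# Returns 0 when the setgid bit is clear, 1 when it is set (the state the
# advisory describes), 2 when the file is absent.
check_mail_binary() {
    mail=${1:-/usr/sbin/Mail}
    if [ ! -e "$mail" ]; then
        echo "missing: $mail"; return 2
    elif file_has_setgid "$mail"; then
        echo "SETGID SET: $(ls -ld "$mail")"; return 1
    else
        echo "setgid clear: $(ls -ld "$mail")"; return 0
    fi
}

# clear_setgid PATH
# The Alternative 1 workaround: chmod 755, then re-read the mode and
# return 0 only if the setgid bit is really gone.  Must run as root when
# applied to /usr/sbin/Mail.
clear_setgid() {
    chmod 755 "$1" || return 1
    if file_has_setgid "$1"; then return 1; fi
    return 0
}

# When run as a script with a path argument, audit that file.
# Example: sh mail_setgid_check.sh /usr/sbin/Mail
if [ $# -gt 0 ]; then
    check_mail_binary "$1"
fi
```

Note that the check reports the presence of the setgid bit, not the version of the binary: after installing the fixed executable as described in Alternative 2 (chmod 2755), the bit is set again by design, so on a patched system a "SETGID SET" result is expected and the ownership check (bin, mail) is the more useful confirmation.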



Alternative 2 - Obtain and install the fixed binary

A better solution is to download the fixed binary from sgi.com.
Silicon Graphics has made a new executable available to fix this
problem.  It is available for anonymous ftp from sgi.com, or from your
local Silicon Graphics sales representative.  Contact the SGI hotline
for more information.  (The bug number is alpha bug AF19315.)

If you are not certain how to ftp to sgi.com and properly install the
binary, use the following commands:

        cd /usr/sbin                            - The directory that
                                                  Mail is in
        chmod 755 /usr/sbin/Mail                - Remove the setgid bit
        mv /usr/sbin/Mail /usr/sbin/Mail.org    - Rename Mail
        ftp 192.48.153.1                        - ftp to sgi.com and
                                                  get the new binary,
        name: anonymous                         - login as anonymous
        password: guest                         - password guest
        ftp> bin                                - Set binary mode
        ftp> cd sgi/Mail                        - The Mail directory
        ftp> get Mail                           - Get the new binary
        ftp> quit                               - quit ftp
        chmod 2755 Mail                         - Make sure
                                                  permissions are correct
        chgrp mail Mail                         - Make sure group is
                                                  correct
        chown bin Mail                          - Make sure owner is
                                                  correct

For additional information or assistance, please contact CIAC:

        David Brown
        (415) 423-9878 or (FTS) 543-9878

        FAX:  (415) 423-0913 or (FTS) 543-0913

or send e-mail to:

        ciac@tiger.llnl.gov

The assistance of Kevin E. Leininger and Matt Wicks of Fermi National
Accelerator Laboratory and Chuck Athey and Ross Guant of Lawrence
Livermore National Laboratory is gratefully acknowledged.  Neither the
United States Government nor the University of California nor any of
their employees makes any warranty, expressed or implied, or assumes
any legal liability or responsibility for the accuracy, completeness,
or usefulness of any information, product, or process disclosed, or
represents that its use would not infringe privately owned rights.
Reference herein to any specific commercial products, process, or
service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation, or
favoring by the United States Government or the University of
California.  The views and opinions of authors expressed herein do not
necessarily state or reflect those of the United States Government nor
the University of California, and shall not be used for advertising or
product endorsement purposes.