With minor modifications, this also yields root with the IRIX version
of PCP 2.1 running under IRIX 6.5.10. PCP 2.2 under IRIX 6.5.11+ not
tested.
Under IRIX `chmod 555 /usr/pcp/bin/pmpost` mitigates the root
vulnerability (and presumably some of the PCP ``Notice Board''
functionality) until a patch is available.
Paul Starzetz <[EMAIL PROTECTED]> writes:
> there is a symlink handling problem in the pcp suite from SGI. The
> binary pmpost will follow symlinks, if setuid root this leads to instant
> root compromise, as found on SuSE 7.1 (I doubt that this is a default SuSE
> package, though).
--
/* Dale Southard Jr. [EMAIL PROTECTED] 925-422-1463 */
/* Computer Scientist, Accelerated Strategic Computing Initiative */
/* L-550, Lawrence Livermore National Lab, Livermore CA 94551 */
/* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */