The following file is left suid root after a patch installation in HP-UX 11.0: -r-s--x--x 1 root bin 20480 Nov 7 1997 /var/adm/sw/save/PHCO_13214/CMDS-AUX/usr/bin/newgrp % uname -a HP-UX xxxx B.11.00 A 9000/898 1687633341 two-user license Fortunately, the /var/adm/sw/save directory is only readable by root. I do not know if the newgrp binary is vulnerable, or if the PHCO_13214 patch is a security patch. I still feel this is poor practice by HP. HP-UX admins should scan their systems for other suid binaries which have been left lying around by other patches: % find / ! -local -prune -o -type f \( -perm -4000 -o -perm -2000 \) -exec ls -lad \{\} \; (assuming you don't want to scan your NFS disks, adjust accordingly if you do...) -- Lamont Granquist lamontgat_private Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344 Box 352145 / University of Washington / Seattle, WA 98195 PGP pubkey: finger lamontgat_private | pgp -fka
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:32:55 PDT