On Fri, 5 Feb 1999, Lamont Granquist wrote:

> The following file is left suid root after a patch installation in HP-UX
> 11.0:
>
> -r-s--x--x 1 root bin 20480 Nov 7 1997
> /var/adm/sw/save/PHCO_13214/CMDS-AUX/usr/bin/newgrp
>
> % uname -a
> HP-UX xxxx B.11.00 A 9000/898 1687633341 two-user license
>
> Fortunately, the /var/adm/sw/save directory is only readable by root. I do
> not know if the newgrp binary is vulnerable, or if the PHCO_13214 patch is
> a security patch. I still feel this is poor practice by HP. HP-UX admins
> should scan their systems for other suid binaries which have been left
> lying around by other patches:

As far as I recall this has always been the case with HP Patch saves.

    #
    #uname -r
    B.10.20
    #
    #pwd
    /var/adm/sw/patch
    #
    #ll -d .
    dr-x------ 281 root sys 6144 Feb 4 19:17 .
    #
    #ll ./PHCO_12097/usr/bin/newgrp
    -r-sr-xr-x 1 root bin 16384 Jun 10 1996 ./PHCO_12097/usr/bin/newgrp
    #

But as you can see /var/adm/sw/patch is +r+x root & no other permissions.
Not good practice, but no immediate security threat either.

/olle
--
Above views are my own unless explicitly stated otherwise.
God is real, until declared integer.
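The scan recommended in the quoted message, combined with the directory-permission check shown in the reply, written as an added example that is not part of either poster's message. The function names and status labels are made up for illustration; the script assumes a POSIX sh with find, ls, cut and sed, and takes the save directories to audit as arguments.

```shell
#!/bin/sh
# Added example: audit a patch-save tree for leftover setuid/setgid files.
# Typical use, as root: sh audit.sh /var/adm/sw/save /var/adm/sw/patch

# Print every regular file under $1 that has the setuid or setgid bit set.
list_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# True when directory $1 grants nothing to group or other (e.g. dr-x------).
# Only the top directory is checked; ownership and ACLs are not examined.
dir_is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0: no setid files; 1: present but the directory is owner-only;
# 2: present and the directory is open to group or other.
audit_patch_save() {
    dir=$1
    files=$(list_setid_files "$dir")
    if [ -z "$files" ]; then
        echo "OK       $dir: no setuid/setgid files"
        return 0
    fi
    if dir_is_owner_only "$dir"; then
        echo "SHIELDED $dir: setid files behind an owner-only directory"
        rc=1
    else
        echo "EXPOSED  $dir: setid files reachable by group or other"
        rc=2
    fi
    # List the offending files, indented under the status line.
    printf '%s\n' "$files" | sed 's/^/    /'
    return "$rc"
}

# Audit each directory given on the command line.
for d in "$@"; do
    audit_patch_save "$d" || :
done
```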
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:02 PDT