Re: IRIX midikeys Vulnerability

From: acpizer (acpizerat_private)
Date: Mon May 24 1999 - 02:11:09 PDT

Next message: Ryan Russell: "Re: NetBSD Security Advisory 1999-010"

Previous message: Georgi Guninski: "Netscape Communicator JavaScript in <TITLE> security vulnerability"
Maybe in reply to: SGI Security Coordinator: "IRIX midikeys Vulnerability"
Next in thread: Pawel K. Peczak: "Re: IRIX midikeys Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

one thing I have to say about this:
-- snip --

    ================
      ****  NOTE  ****
      ================

      Removal of the setuid permission disables functionality that
      is not implemented or utilized at this time.

     1) Verify midikeys(1) is installed on the system.
        It is installed by default on IRIX 6.2 and higher.
        Note that the program size may vary depending on IRIX release.

              % ls -la /usr/sbin/midikeys
              -rwsr-xr-x 1 root sys  218712 Mar  8 14:57
/usr/sbin/midikeys

-- snip --

If it is not currently unilized or implemented, why the *hell* would a
sane person leave this setuid root?

makes me wonder how many other setuid bins are floating out there that
shouldn't actually be setuid...

-------------------------------------------------------------------------------
"Probably you've only really grown up, when you can bear not being understood."

                              Marian Gold /Alphaville

Next message: Ryan Russell: "Re: NetBSD Security Advisory 1999-010"
Previous message: Georgi Guninski: "Netscape Communicator JavaScript in <TITLE> security vulnerability"
Maybe in reply to: SGI Security Coordinator: "IRIX midikeys Vulnerability"
Next in thread: Pawel K. Peczak: "Re: IRIX midikeys Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:46:40 PDT