On Mon, Jun 18, 2001 at 07:11:20PM +0200, Paul Starzetz wrote: > Hi, > > there is a symlink handling problem in the pcp suite from SGI. The > binary pmpost will follow symlinks, if setuid root this leads to instant > root compromise, as found on SuSE 7.1 (I doubt that this a default SuSE > package, though). It's probably a very rare package under linux, but more common under IRIX. I just tested your exploit against SGI's binary release of PCP 2.1 under IRIX 6.5.12m, and it worked just fine (after minor fixes). -jf
This archive was generated by hypermail 2b30 : Tue Jun 19 2001 - 07:10:32 PDT