lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: 
 <OF51A49383.B5D44458-ON85256E60.006016A7-85256E60.0060C8A4@epamail.epa.gov>
From: Sullivan.Danielj at epamail.epa.gov (Sullivan.Danielj@...mail.epa.gov)
Subject: AIX 4.3.3 has make sgid 0?

The "make" to worry about appears to be the one in /usr/local/bin, not 
/usr/ccs/bin.  See the sample exploit script at the usual spot.

The problem appears to be with GNU's make, which is installed setgid (by 
default) on AIX so as to enable the "-l load" option.  This option is used 
to throttle the number of jobs created by "make" as the system load 
increases (especially during parallel makes).

I haven't checked whether /usr/local/bin/make is part of some supplemental 
AIX package, or just happens to be on those systems where the admin 
installed GNU make.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040323/7b120c02/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ