


Bugtraq: Re: Repost: Security bug in SGI VideoFramer


From: <martinh_at_mailhost.emap.co.uk>
Date: Thu, 23 May 1996 10:03:01 +0000

On Tue, 14 May 1996, Hui-Hui Hu wrote:

> Stardot Networks / Security vulnerability [SDN-2-sgi-videoframer]
>
> PROBLEM. sb_encode is installed setuid in /usr/video/vfr/bin and does not
> check for permissions/ownership. sb_encode takes an IRIS RGB-format image
> file and spits out a VideoFramer format file (.vfr).
>
> REPEAT BY: /usr/video/vfr/bin/sb_encode -o [file-to-overwrite] [iris-image]
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> TEMPORARY FIX.
>
> # chmod -s /usr/video/vfr/*

Since the sb_encode program is in a subdirectory of /usr/video/vfr/
shouldn't the fix be:

# chmod -R -s /usr/video/vfr/*

M.

##################################################################
# Martin Hargreaves (martin_at_datamodl.demon.co.uk) Computational #
# Director, Datamodel Ltd Chemist #
# Contract Unix system admin/Unix security Sysadmin #
##################################################################
Received on May 23 1996
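
The difference between the two commands in this thread, as an added example that is not part of the original post: the script builds a constructed temporary tree with a setuid file one level down in bin/, applies each chmod form, and counts the set-id files that remain. The function names and the README file are assumptions for illustration; only the vfr/bin/sb_encode layout comes from the message.

```shell
#!/bin/sh
# Added example: runs on a constructed temporary tree, not a real
# /usr/video/vfr installation.

# List regular files under $1 that still carry a setuid or setgid bit.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Count those files (tr strips the padding some wc builds emit).
count_setid() {
    list_setid "$1" | wc -l | tr -d ' '
}

# Build a constructed tree mirroring the layout in the advisory:
# the setuid binary sits in a bin/ subdirectory, not at the top level.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/vfr/bin"
    : > "$root/vfr/bin/sb_encode"
    chmod 4755 "$root/vfr/bin/sb_encode"
    : > "$root/vfr/README"          # constructed filler file
    printf '%s\n' "$root/vfr"
}

# Fix as first posted: the glob only names top-level entries, so chmod
# touches the bin/ directory itself but not the files inside it.
flat_fix() {
    chmod -s "$1"/*
}

# Fix as proposed in the reply: -R descends into each directory named.
recursive_fix() {
    chmod -R -s "$1"/*
}

demo() {
    tree=$(make_sample_tree) || return 1
    echo "set-id files before:            $(count_setid "$tree")"
    flat_fix "$tree"
    echo "set-id files after chmod -s:    $(count_setid "$tree")"
    recursive_fix "$tree"
    echo "set-id files after chmod -R -s: $(count_setid "$tree")"
    rm -rf "$(dirname "$tree")"
}

demo
```

Running `list_setid` against the real directory after applying a fix is the quickest way to confirm nothing set-id was left behind.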
