AIX 4.3.3 has make sgid 0?
From: BoneMachine <bonemach () sdf lonestar org>
Date: Mon, 22 Mar 2004 15:16:15 GMT
I was browsing the SecurityFocus vulnerability database and found the following:
"Because the make utility is reported to run with setGID root privileges, a local attacker may potentially exploit this
condition to gain access to the root group"
Is this true? I cannot believe that IBM has a setGID root bit on the make utility. This goes against all security
practices I've ever heard.
Are there people that have more info on this vulnerability or is this a hoax?
"I'm the king of airodynamics" - The Pixies
Full-Disclosure - We believe in it.