Date: Fri, 5 Feb 1999 18:35:51 -0800
From: Lamont Granquist <[email protected]>
To: [email protected]Subject: HP-UX 11.0/800 patches leave suid binaries
The following file is left suid root after a patch installation in HP-UX
11.0:
-r-s--x--x 1 root bin 20480 Nov 7 1997
/var/adm/sw/save/PHCO_13214/CMDS-AUX/usr/bin/newgrp
% uname -a
HP-UX xxxx B.11.00 A 9000/898 1687633341 two-user license
Fortunately, the /var/adm/sw/save directory is only readable by root. I do
not know if the newgrp binary is vulnerable, or if the PHCO_13214 patch is
a security patch. I still feel this is poor practice by HP. HP-UX admins
should scan their systems for other suid binaries which have been left
lying around by other patches:
% find / ! -local -prune -o -type f \( -perm -4000 -o -perm -2000 \) -exec ls -lad \{\} \;
(assuming you don't want to scan your NFS disks, adjust accordingly if you
do...)
--
Lamont Granquist [email protected]
Dept. of Molecular Biotechnology (206)616-5735 fax: (206)685-7344
Box 352145 / University of Washington / Seattle, WA 98195
PGP pubkey: finger [email protected] | pgp -fka
