On Mon, Jun 18, 2001 at 07:11:20PM +0200, Paul Starzetz wrote:
> Hi,
>
> there is a symlink handling problem in the pcp suite from SGI. The
> binary pmpost will follow symlinks, if setuid root this leads to instant
> root compromise, as found on SuSE 7.1 (I doubt that this a default SuSE
> package, though).
It's probably a very rare package under linux, but
more common under IRIX. I just tested your exploit
against SGI's binary release of PCP 2.1 under IRIX
6.5.12m, and it worked just fine (after minor fixes).
-jf
