The "make" to worry about appears to be the one in /usr/local/bin, not /usr/ccs/bin. See the sample exploit script at the usual spot.
The problem appears to be with GNU's make, which is installed setgid (by default) on AIX so as to enable the "-l load" option. This option is used to throttle the number of jobs created by "make" as the system load increases (especially during parallel makes).
I haven't checked whether /usr/local/bin/make is part of some supplemental AIX package, or just happens to be on those systems where the admin installed GNU make.
- [Full-Disclosure] AIX 4.3.3 has make sgid 0? BoneMachine
- Re: [Full-Disclosure] AIX 4.3.3 has make sgid 0? Valdis . Kletnieks
- Re: [Full-Disclosure] AIX 4.3.3 has make sgid 0? Darren Tucker
- Sullivan . Danielj
