[rescue] irix insecurity (was: Sparcstation 2 help! Please)

Greg A. Woods rescue at sunhelp.org
Sun Sep 23 18:00:50 CDT 2001


[[ I suppose we should move this to geeks if we keep it up.... :-) ]]

[ On Sunday, September 23, 2001 at 17:38:52 (-0400), Dave McGuire wrote: ]
> Subject: Re: [rescue] Sparcstation 2 help! Please
>
>   Well I don't run their mindset in on my network...I run the
> software.  Security problems I can fix (and so can you, and any other
> sysadmin that's worth a damn).

Fixing IRIX, properly, would damn near require replacing it entirely.
Certainly you'd have to lose anything SGI wrote and which either has
the setuid/setgid bits set, or are run in any privileged state and can
be influenced by external input.

My advice last time someone asked me about running IRIX out in full view
of the public Internet without a firewall was that they'd better have
24x7 monitoring and static content that can be burned on a CD along with
the OS so everything can run read-only!  ;-)

Admittedly they do have more problems with local user attacks than
network attacks, but once you're on an IRIX box, even as "nobody", you
can have root pretty much as soon as you figure out what release it's
running.

>   I've had an SGI machine cracked via a telnetd buffer overflow, yes.

telnetd isn't a great example in this case because the bug was in almost
every implementation (at least initially) and it was exploitable on
almost every platform too.

Some of the IRIX overflows are common to all SysV's of similar vintages,
but there are many more in SGI-developed tools.  Once upon a time there
were probably more IRIX-related bugs posted to BUGTRAQ than anything
else (alone).  I attribute the drop in numbers not due to an increase in
software quality, but rather due to a drop in popularity.  IIRC Netcraft
have shown a steady decline of SGI servers....

> At least it's not Linux, getting pounded on from every direction by
> children with perl scripts. ;)

Exactly -- SGIs running IRIX are no longer quite as popular as
high-visibility Internet servers as they once were.....

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods at acm.org>     <woods at robohack.ca>
Planix, Inc. <woods at planix.com>;   Secrets of the Weird <woods at weird.com>


