COMMAND

    /usr/lib/InPerson/inpview

SYSTEMS AFFECTED

    IRIX

PROBLEM

    inpview is  part of  InPerson desktop  video conferencing package.
    It's   root-owned/suid   and   is   written   in   a  classic  SGI
    suid-programming style, i.e.  in the course of execution  inpview,
    without dropping euid=0, starts program ttsession, using  system()
    and without bothering to use  absolute path.  So it's  pretty much
    like suid shell sitting around, in case you forget root  password.
    It  does  all  kinds  of  other  dangerous  stuff  as  well,  e.g.
    predictable tmp files.

    Credit for this goes to Yuri Volobuev.

SOLUTION

    Obvious fix is to  strip suid bit, which  is most likely to  break
    it.   If  you  do   need  InPerson  badly,  consider   restricting
    execution privileges to the trusted  group of users, or putting  a
    standard wrapper around it, kind of what AUSCERT usually  supplies
    with  their  advisories.   Such  a  wrapper  should reset critical
    environment variables (PATH,  HOME, LOGNAME, etc.),  check command
    line  for  unwanted  characters  (shell  metacharacters, see sh(1)
    manpage),  checks  command  line   and  may  be  few   environment
    variables for  length.   It doesn't  protect you  from all  evils,
    notably nothing can be done about tmp files, but it's better  than
    nothing.