COMMAND

    sgihelp(1)

SYSTEMS AFFECTED

    IRIX 5.1.x and 5.2

PROBLEM

    A potential vulnerability enables an unprivileged user, or someone
    with access to the system console, to become an active root user.
    The help system's print menu has a "pipe to command" option. The
    problem is essentially caused by two oversights in the SGI Help
    system: X accelerators (keyboard shortcuts), and sgihelp's use of
    system() to pipe printer output elsewhere. It can be exploited only
    when sgihelp runs as root. Clogin runs as root, as does
    /usr/sbin/printers.

SOLUTION

    Remove the following subsystem by doing:

	# versions remove sgihelp.books.ViewerHelp

    This only stops people who are not logged in; normal users can
    still become root. Renaming /usr/sbin/sgihelp will stop both
    variants; however, you lose all 'desktop help'. If running IRIX
    5.2, install patch65. If running 5.1, upgrade or use one of the
    above-mentioned fixes.