From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from sgi.com (sgi.SGI.COM [192.48.153.1])
	by lara.stud.fh-heilbronn.de (8.9.1a/8.9.1) with ESMTP id MAA23617
	for <pstadt@stud.fh-heilbronn.de>; Mon, 23 Aug 1999 12:26:09 +0200
Received: from cthulhu.engr.sgi.com (cthulhu.engr.sgi.com [192.26.80.2]) 
	by sgi.com (980327.SGI.8.8.8-aspam/980304.SGI-aspam:
       SGI does not authorize the use of its proprietary
       systems or networks for unsolicited or bulk email
       from the Internet.) 
	via ESMTP id DAA04778; Mon, 23 Aug 1999 03:23:28 -0700 (PDT)
	mail_from (owner-linux@cthulhu.engr.sgi.com)
Received: (from majordomo-owner@localhost)
	by cthulhu.engr.sgi.com (980427.SGI.8.8.8/970903.SGI.AUTOCF)
	id DAA30571
	for linux-list;
	Mon, 23 Aug 1999 03:12:13 -0700 (PDT)
	mail_from (owner-linux@relay.engr.sgi.com)
Received: from soyuz.wellington.sgi.com (soyuz.wellington.sgi.com [134.14.64.194])
	by cthulhu.engr.sgi.com (980427.SGI.8.8.8/970903.SGI.AUTOCF)
	via ESMTP id DAA73756
	for <linux@cthulhu.engr.sgi.com>;
	Mon, 23 Aug 1999 03:12:08 -0700 (PDT)
	mail_from (alambie@csd.sgi.com)
Received: from csd.sgi.com by soyuz.wellington.sgi.com via ESMTP (980427.SGI.8.8.8/940406.SGI)
	 id WAA26842; Mon, 23 Aug 1999 22:11:40 +1200 (NZT)
Message-ID: <37C11F26.D2AB4969@csd.sgi.com>
Date: Mon, 23 Aug 1999 22:15:02 +1200
From: Alistair Lambie <alambie@relay.csd.sgi.com>
X-Mailer: Mozilla 4.6C-SGI [en] (X11; I; IRIX 6.5 IP32)
X-Accept-Language: en
MIME-Version: 1.0
To: Pete Young <pete@alien.bt.co.uk>
CC: linux@cthulhu.engr.sgi.com
Subject: Re: Root Password
References: <m11Iq4u-001kxeC@mail.alien.bt.co.uk>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-linux@cthulhu.engr.sgi.com
Precedence: bulk
Content-Transfer-Encoding: 7bit

Pete Young wrote:
> 
> > hehe... well, that will work to, I guess... :-)
> 
> Well, it did for me with an Indy running 5.3 .
> 
> As an aside, Irix as shipped has to be the most simple unix variant to
> break that I've ever come across. Why on earth does all that stuff have
> to run setuid root? Never thought I'd be advocating a switch to Linux
> on security grounds, but there you go!
> 

I think that may be a bit unfair.  Irix 5.3 is real old (Nov 17, 1994)
and while it had many security issues I think a lot of other vendors
probably did as well in that time frame.  There are a lot of security
patches available for Irix 5.3 and I'm guessing they are probably not
loaded on the machine you are using.  These patches are made available
to everyone regardless of whether you have a support contract or not. 
You can find information at
http://www.sgi.com/Support/security/security.html  If you find something
that is not fixed you can report it at that site as well.  

Cheers, Alistair

-- 
Alistair Lambie                                alambie@csd.sgi.com
SGI Global Product Support            SGI Voicemail/VNET: 234-1455
Level 5, Cigna House,                                M/S: INZ-3780
PO Box 24 093,                                  Ph: +64-4-494 6325
40 Mercer St, Wellington,                      Fax: +64-4-494 6321
New Zealand                                 Mobile: +64-21-635 262