SGI recommends changing the permissions of the disk_bandwidth program to allow execution only by system administrators. Removing the setuid bit, and restricting the file permissions to allow only for execution by root, or those in a specific group will eliminate this vulnerability, so long as these users do not have '.' as the first element in their path; this would allow an attacker to possibly still perform the attack, by waiting for the administrator to execute the program in a specific directory. # chmod 500 /sbin/disk_bandwidth
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user tricks the disk_bandwidth program into running a malicious binary or a malicious script, due to its failure to use an absolute path in a system function call. This flaw may lead to a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:
#/bin/chmod 500 /sbin/disk_bandwidth