The Wily Hacker
Andy Freeman
andy at cayuga.Stanford.EDU
Fri Jul 29 16:52:13 AEST 1988
In article <660 at sunspot.UUCP> cmiller at noao.UUCP (Charlie Miller) writes:
> He also exploited a bug in the Gnu-Emacs editor: using the
>built in mail system, allowing users to forward a file to another
>user, Emacs uses the UNIX set user ID root feature. He used this
>program to put a shell script (to execute at root level) into the
>systems area that when executed would grant him system privileges.
The GNU Emacs installation instructions explicitly warn against making
those parts setuid root; they don't need root privs to work properly.
Software that is incorrectly installed often allows security failures,
but the installer, not the software, is to blame.
-andy
UUCP: {arpa gateways, decwrl, uunet, rutgers}!polya.stanford.edu!andy
ARPA: andy at polya.stanford.edu
(415) 329-1718/723-3088 home/cubicle