uudecode

Ronald Khoo ronald at ibmpcug.UUCP
Sat Jul 8 22:40:56 AEST 1989


In article <1264 at servax0.essex.ac.uk> peter at essex.ac.uk writes:
>
>No-one has come up with why it is setuid in the first place.
Always puzzled me, that, especially since it's also a trojan that way.
At least some versions of uudecode shipped setuid I have come across
honour a four digit mode arg, so uuencoding and uudecoding the binary from
the usual main() { execl("/bin/csh", "csh", (char *)0); } and altering
the  begin 755 to begin 4755 means giving L.sys away to all and sundry
on systems where ~uucp/* is owned by uucp.  This probably means *your* system.

>Taking setuid off certainly fixes my problem.
And the other one. :-)

Moral: check all setuid programs, not just the ones setuid root.
       Don't you think that allowing anyone to fake being your computer
       to all your UUCP neighbours is as bad as any 'root' breach?
-- 
Ronald.Khoo at ibmpcug.CO.UK (The IBM PC User Group, PO Box 360, Harrow HA1 4LQ)
Path: ...!ukc!slxsys!ibmpcug!ronald Phone: +44-1-863 1191 Fax: +44-1-863 6095
Disclaimer: With my opinion of PCs, ibmpcug probably disclaims knowledge of me!



More information about the Comp.unix.questions mailing list