What's so special about uudecode?
David Daniel
tronix at polari.UUCP
Sun Dec 30 19:45:04 AEST 1990
[]Ha! I think your vendor has made the *dreadful* error of making
[]uudecode setuid to uucp "for the convenience of decoding received uucp
[]files". I have seen systems where this is a horrible security hole in
[]that uudecode will allow anyone to make a setuid-to-uucp shell (begin 4755
[remainder of security hole explanation deleted]
Even
though you've told the net at large and who knows how many BBS's
around the world exactly how to hack a specific system and possibly
others I'll make a suggestion:
You should have answered this person via e-mail with a cc to root. I'm
glad I don't have an account on his system.
--
David Daniel (The man with no disclaimer) tronix at polari.UUCP
"Beware the Truth. If you find a Truth it can demand that you make painful
changes." - Frank Herbert
More information about the Comp.unix.questions
mailing list