SECURITY BUG IN INTERACTIVE UNIX SYSV386
Rick Farris
rfarris at rfengr.com
Sun Feb 17 15:10:36 AEST 1991
In article <1991Feb15.134715.16979 at virtech.uucp> cpcahil at virtech.uucp (Conor P. Cahill) writes:
| 2. I wholeheartly DISAGREE with you posting the source code which
| performs the security bypass. You could have just posted the
| uuencoded binary which would have been enough to prove your point
| without making it extremely easy for any two bit user to obtain
| privileged access.
| POSTING THE CODE WAS DEAD WRONG.
Personally, I would never, ever, EVER run a binary that had
come across on the net. No matter what the accompanying text
said it did, and especially if I thought it might mess with
permissions.
Suppose that in addition to creating a root shell, it did
something else nasty?
--
Rick Farris RF Engineering POB M Del Mar, CA 92014 voice (619) 259-6793
rfarris at rfengr.com ...!ucsd!serene!rfarris serenity bbs 259-7757
More information about the Comp.unix.sysv386
mailing list