SECURITY BUG IN INTERACTIVE UNIX SYSV386
Heiko Blume
src at scuzzy.in-berlin.de
Fri Feb 15 22:52:43 AEST 1991
sef at kithrup.COM (Sean Eric Fagan) writes:
>In article <1991Feb13.221259.1462 at scuzzy.in-berlin.de> src at scuzzy.in-berlin.de (Heiko Blume) writes:
>>not exactly, for public access to my source archive i've set up
>>a chroot() user that can't write anywhere, unhackable :-)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>Sorry, that's not the case. Once you've got root access, you can go through
>and do lots of nasty things, including setting u.u_rdir to something useful,
>like '/'. Figuring out how to do so is left as an exercise for the reader.
once you've got root access, yes, but you can get root access.
the only thing that that user can do is *read* files, nothing else.
the only commands available are ls, sz, zmore and tar. try figuring
out how to become root with this as a long lasting exercise.
--
Heiko Blume <-+-> src at scuzzy.in-berlin.de <-+-> (+49 30) 691 88 93
public source archive [HST V.42bis]:
scuzzy Any ACU,f 38400 6919520 gin:--gin: nuucp sword: nuucp
uucp scuzzy!/src/README /your/home
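
Added example, not part of either poster's message: the exchange above turns on whether the jailed user can write anywhere or reach root, so this sketch walks a chroot tree and reports anything the jail account could write to, plus setuid/setgid files and device nodes. The function name and the `jail_uid` / `jail_gids` parameters are assumptions made for illustration.

```python
import os
import stat
import sys


def audit_chroot(root, jail_uid, jail_gids=()):
    """Return sorted (finding, path) pairs for a tree meant to be a read-only jail.

    jail_uid / jail_gids (assumed parameters): the ids the chroot()ed login runs as.
    """
    findings = []

    def check(path):
        st = os.lstat(path)  # lstat: judge the entry itself, never a link target
        mode = st.st_mode
        if stat.S_ISLNK(mode):
            return  # permission bits on a symlink carry no meaning
        # A setuid/setgid program runs with its owner's or group's privileges.
        if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
            findings.append(("setid", path))
        # Device nodes give access to disks and memory that bypasses the tree.
        if stat.S_ISCHR(mode) or stat.S_ISBLK(mode):
            findings.append(("device", path))
        # Writable: world-writable, owned by the jail uid (the owner can chmod
        # it writable), or group-writable by one of the jail's groups.
        if (mode & stat.S_IWOTH
                or st.st_uid == jail_uid
                or (mode & stat.S_IWGRP and st.st_gid in jail_gids)):
            findings.append(("writable", path))

    check(root)
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(findings)


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: audit_chroot.py CHROOT_DIR JAIL_UID [JAIL_GID ...]")
    gids = tuple(int(g) for g in sys.argv[3:])
    for finding, path in audit_chroot(sys.argv[1], int(sys.argv[2]), gids):
        print(finding, path)
```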