Crackers and Worms
der Mouse
mouse at mcgill-vision.UUCP
Fri Dec 2 09:20:39 AEST 1988
In article <1308 at zippy.eecs.umich.edu>, cja at entebbe.eecs.umich.edu (Charles J. Antonelli) writes:
> In article <chomp!> Rahul Dhesi (dhesi at bsu-cs.uucp) writes:
(Is that really the Message-ID of Rahul's article? I hope not!)
>> But at's jobs to be executed are owned by daemon, so isn't being
>> daemon just a trivial step away from being root? Somebody mentioned
>> this earlier and nobody contradicted him.
> consider the statement contradicted. daemon is just another non-root
> uid.
Not "just" that. On our 4.3, at least, the at queue *is* owned by
daemon. Therefore, if I can break in with uid daemon, I can queue an
arbitrary at job to be run by an arbitrary user, such as root. Now
what was that again about how daemon was just another non-root uid?
der Mouse
old: mcgill-vision!mouse
new: mouse at larry.mcrcim.mcgill.edu
More information about the Comp.unix.wizards
mailing list