How did the worm become nobody?

Jacob Gore gore at eecs.nwu.edu
Sat Nov 26 12:41:28 AEST 1988


A question to people who know how the Internet Worm of 88 (yeah, I know,
the year isn't over yet :-) worked:

On my system, the /usr/tmp/ files it left behind were owned by user
'nobody'.  Can anybody tell me how that happened?

Some facts:

The OS is Mt. Xinu's 4.3BSD+NFS (the machine is a VAX, if that matters).
Ypserv and ypbind are running, but aren't doing much (we use bind's resolv
library directly, and don't yp passwords).  The mail system is MMDF, so it
wasn't the sendmail attack that got to us (we did check if the same trick
works with MMDF; it doesn't).

Jacob Gore				Gore at EECS.NWU.Edu
Northwestern Univ., EECS Dept.		{oddjob,gargoyle,att}!nucsrl!gore



More information about the Comp.unix.wizards mailing list