How did the worm become nobody?
Jacob Gore
gore at eecs.nwu.edu
Sun Nov 27 08:15:26 AEST 1988
I asked:
>/ comp.unix.wizards / gore at eecs.nwu.edu (Jacob Gore) / Nov 25, 1988 /
>On my system, the /usr/tmp/ files it left behind were owned by user
>'nobody'. Can anybody tell me how that happened?
The first two replies came from Doug Kingston <dpk at morgan.com> and from
<smb at ulysses.uucp> (thanks!), and I'm sure I'll get more before this
message gets out, so thanks, in advance, to all who have replied.
The answer is in the /etc/inetd.conf file:
>finger stream tcp nowait nobody /etc/fingerd fingerd
The worm got through the fingerd hole, and fingerd is run as user 'nobody'.
Jacob Gore Gore at EECS.NWU.Edu
Northwestern Univ., EECS Dept. {oddjob,gargoyle,att}!nucsrl!gore
More information about the Comp.unix.wizards
mailing list