Old rlogin bug
Dan Zenchelsky
dzenc at gnu.ai.mit.edu
Thu Jul 26 12:36:47 AEST 1990
In article <DJM.90Jul25190101 at frob.eng.umd.edu> djm at eng.umd.edu (David J. MacKenzie) writes:
>
>So I login to a host and run this like so:
>exec "login -r localhost"
>and stick this on login's stdin: "root\0root\0sun/9600"
>
>And I get a root shell. They took this auth code out of login in 4.3T
>and made rlogind do it.
Except that all of the logins I've seen make sure getuid()==0 before allowing
this to happen. So, the only way to do this is to already be root.
>--
>David J. MacKenzie <djm at eng.umd.edu> <djm at ai.mit.edu>
-Dan
--
Dan Zenchelsky
dzenc at gnu.ai.mit.edu
"Any sufficiently advanced bug is indistinguishable from a feature." -- Rich Kulawiec
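The gate Dan describes, sketched as an added C example (not code from this thread or from any BSD login source): the `-r` header on stdin is parsed only when the caller's real uid is 0, and malformed fields are refused. `accept_rlogin_hdr`, `take_field`, `struct rlogin_hdr` and `FIELD_MAX` are hypothetical names; the sample input is the string quoted in the thread.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define FIELD_MAX 64   /* assumed per-field limit, not taken from any BSD source */

struct rlogin_hdr {    /* hypothetical holder for the three stdin fields */
    char remuser[FIELD_MAX], locuser[FIELD_MAX], term[FIELD_MAX];
};

/* Copy one NUL-terminated field from buf[*off..len); reject empty, overlong or unterminated input. */
static int take_field(const char *buf, size_t len, size_t *off, char *out)
{
    const char *start = buf + *off;
    const char *nul = memchr(start, '\0', len - *off);
    size_t n;

    if (nul == NULL)
        return -1;
    n = (size_t)(nul - start);
    if (n == 0 || n >= FIELD_MAX)
        return -1;
    memcpy(out, start, n + 1);
    *off += n + 1;
    return 0;
}

/* Return 0 only if the caller's real uid is 0 and all three fields parse. */
int accept_rlogin_hdr(uid_t caller_uid, const char *buf, size_t len, struct rlogin_hdr *h)
{
    size_t off = 0;

    if (caller_uid != 0)   /* the getuid()==0 gate: only a root parent such as rlogind */
        return -1;
    if (take_field(buf, len, &off, h->remuser) || take_field(buf, len, &off, h->locuser) ||
        take_field(buf, len, &off, h->term))
        return -1;
    return 0;
}

int main(void)
{
    static const char in[] = "root\0root\0sun/9600";   /* field layout quoted in the thread */
    struct rlogin_hdr h;
    int rc = accept_rlogin_hdr(getuid(), in, sizeof in, &h);

    printf("uid %ld: -r header %s\n", (long)getuid(), rc == 0 ? "accepted" : "refused");
    return 0;
}
```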