WARNING: SCO-Xenix game "hack", setuid root
Brandon S. Allbery KB8JRR/AA
allbery at NCoast.ORG
Fri Apr 19 09:38:51 AEST 1991
As quoted from <1991Apr17.192850.10450 at odbffm.incom.de> by oli at odbffm.incom.de (Oliver Boehmer):
+---------------
| When I recently went through the setuid-files on my system, I found, that
| /usr/games/lib/hackdir/hack (the actual nethack-program) is setuid-root.
| This version is part of SCO-XENIX Games and was installed with this
| permissions by the SCO-Utility custom.
+---------------
Gaaaaaaaaaaaaaaaaaaak. I've heard of stupid security holes, but that one has
to take the cake.
++Brandon
--
Me: Brandon S. Allbery Ham: KB8JRR/AA on 2m, 220, 440, 1200
Internet: allbery at NCoast.ORG (QRT on HF until local problems fixed)
America OnLine: KB8JRR // Delphi: ALLBERY AMPR: kb8jrr.AmPR.ORG [44.70.4.88]
uunet!usenet.ins.cwru.edu!ncoast!allbery KB8JRR @ WA8BXN.OH
More information about the Comp.unix.xenix.sco
mailing list