WARNING: SCO-Xenix game "hack", setuid root
Weaver Hickerson
wdh at holos0.uucp
Tue Apr 23 23:39:26 AEST 1991
In article <1991Apr18.233851.29567 at NCoast.ORG> allbery at ncoast.ORG (Brandon S. Allbery KB8JRR/AA) writes:
>As quoted from <1991Apr17.192850.10450 at odbffm.incom.de> by oli at odbffm.incom.de (Oliver Boehmer):
>+---------------
>| When I recently went through the setuid-files on my system, I found that
>| /usr/games/lib/hackdir/hack (the actual nethack-program) is setuid-root.
>| This version is part of SCO-XENIX Games and was installed with these
>| permissions by the SCO-Utility custom.
>+---------------
>
>Gaaaaaaaaaaaaaaaaaaak. I've heard of stupid security holes, but that one has
>to take the cake.
>
>++Brandon
We don't have any of the games here, but I was wondering, is it perhaps
possible that we have something like a:
    switch ((pid = fork()))
    {
    case 0:
        setuid(saveduid);
        exec(...);
        exit(-1);
    blah blah
    }
In other words, the shell escape is NOT root and never will be. That's prolly
the way I would do it.
Oh well, what the hack!
Weaver
--
-Weaver Hickerson Voice (404) 496-1358 : ..!edu!gatech!holos0!wdh
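
The fork-then-drop pattern sketched in the post above, as an added example that is not part of the original message and not SCO's code: the child of a setuid-root program gives up root for good before exec, and every call is checked. The function name run_as_real_user and the exit codes 126 and 127 are assumptions of this example.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] with the invoking user's IDs instead of the setuid owner's.
 * Returns the child's exit status, or -1 if it could not be run or waited for.
 * Assumes a setuid-root parent: with effective UID 0, setuid() replaces the
 * real, effective and saved UIDs together, so the drop cannot be undone.
 * Supplementary groups already belong to the invoking user in that case. */
int run_as_real_user(char *const argv[])
{
    uid_t ruid = getuid();   /* real UID: the user who started the program */
    gid_t rgid = getgid();
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Group first: once the UID is dropped we may not be allowed to. */
        if (setgid(rgid) != 0 || setuid(ruid) != 0)
            _exit(126);      /* never exec with privileges still held */
        /* Verify the drop: root must not be recoverable (skipped when the
         * invoking user is root, where there is nothing to drop). */
        if (ruid != 0 && (setuid(0) == 0 || geteuid() != ruid))
            _exit(126);
        execv(argv[0], argv);
        _exit(127);          /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed usage: a shell escape that reports its own IDs. */
    char *const shell[] = { "/bin/sh", "-c", "id", NULL };
    return run_as_real_user(shell) == 0 ? 0 : 1;
}
```

An unchecked setuid() in the child is the failure mode to avoid: if the call fails and the code proceeds to exec, the shell escape runs as root.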