From owner-freebsd-security  Mon Jul 28 14:44:44 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id OAA05318
          for security-outgoing; Mon, 28 Jul 1997 14:44:44 -0700 (PDT)
Received: from mail.MCESTATE.COM (vince@mail.MCESTATE.COM [207.211.200.50])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA05295
          for <security@FreeBSD.ORG>; Mon, 28 Jul 1997 14:44:40 -0700 (PDT)
Received: from localhost (vince@localhost)
	by mail.MCESTATE.COM (8.8.5/8.8.5) with SMTP id OAA06194;
	Mon, 28 Jul 1997 14:44:15 -0700 (PDT)
Date: Mon, 28 Jul 1997 14:44:14 -0700 (PDT)
From: Vincent Poy <vince@mail.MCESTATE.COM>
To: "[Mario1-]" <Mario1@PrimeNet.Com>
cc: JbHunt <johnnyu@accessus.net>,
        Robert Watson <robert+freebsd@cyrus.watson.org>,
        Tomasz Dudziak <loco@onyks.wszib.poznan.pl>, security@FreeBSD.ORG
Subject: Re: security hole in FreeBSD
In-Reply-To: <Pine.WNT.3.96.970728125836.-168391A-100000@frontera>
Message-ID: <Pine.BSF.3.95.970728144205.3844C-100000@mail.MCESTATE.COM>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 28 Jul 1997, [Mario1-] wrote:

=)On Mon, 28 Jul 1997, Jonathan A. Zdziarski wrote:
=)
=): There IS one common hole I've seen apache and stronghold have, and that is
=): that some people like to leave their sessiond or httpd files owned by
=): 'nobody'.  This allows somebody running CGI on that system to replace
=): those binaries with their own, hacked binaries (since the scripts are
=): usually owned as nobody), and the next time httpd starts, they can make it
=): write a root shell, or just about anything along those lines.
=)
=)Now THIS is interesting. I was thinking about this a little while ago.
=)Didn't it seem like 'nobody' had an awful lot of processes running
=)last night?

	Yes, it did but they were all httpd and I understand apache httpd
has fixed this security hole a long time ago since we are using the new
version of apache.  


Cheers,
Vince - vince@MCESTATE.COM - vince@GAIANET.NET           ________   __ ____ 
Unix Networking Operations - FreeBSD-Real Unix for Free / / / / |  / |[__  ]
GaiaNet Corporation - M & C Estate                     / / / /  | /  | __] ]  
Beverly Hills, California USA 90210                   / / / / / |/ / | __] ]
HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]