From owner-freebsd-security  Mon Jun 24 17:14:30 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id RAA25589
          for security-outgoing; Mon, 24 Jun 1996 17:14:30 -0700 (PDT)
Received: from mercury.gaianet.net (root@mercury.gaianet.net [206.171.98.26])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA25568;
          Mon, 24 Jun 1996 17:14:24 -0700 (PDT)
Received: (from vince@localhost) by mercury.gaianet.net (8.7.5/8.6.12) id RAA21505; Mon, 24 Jun 1996 17:14:08 -0700 (PDT)
Date: Mon, 24 Jun 1996 17:14:07 -0700 (PDT)
From: -Vince- <vince@mercury.gaianet.net>
To: Poul-Henning Kamp <phk@FreeBSD.org>
cc: Matthew Jason White <mwhite+@CMU.EDU>,
        Mark Murray <mark@grumble.grondar.za>, Wilko Bulte <wilko@yedi.iaf.nl>,
        "Jordan K. Hubbard" <jkh@time.cdrom.com>, guido@gvr.win.tue.nl,
        hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org,
        Chad Shackley <chad@mercury.gaianet.net>,
        jbhunt <jbhunt@mercury.gaianet.net>
Subject: Re: I need help on this one - please help me track this guy down! 
In-Reply-To: <1092.835661388@critter.tfs.com>
Message-ID: <Pine.BSF.3.91.960624171334.21697P-100000@mercury.gaianet.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 24 Jun 1996, Poul-Henning Kamp wrote:

> >	Yeah, that's the real question is like if he can transfer the 
> >binary from another machine and have it work... other people can do the 
> >same thing and gain access to FreeBSD boxes as root as long as they have 
> >a account on that machine...
> 
> The binary is an ordinary shell with a setuid bit.

	Hmmm, how did they get the file into their account with the 
setuid bit?

Vince