From owner-freebsd-security Tue Jun 25 01:51:37 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id BAA03646 for security-outgoing; Tue, 25 Jun 1996 01:51:37 -0700 (PDT)
Received: from seagull.rtd.com (root@seagull.rtd.com [198.102.68.2]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id BAA03634; Tue, 25 Jun 1996 01:51:33 -0700 (PDT)
Received: (from dgy@localhost) by seagull.rtd.com (8.7.5/1.2) id BAA00894; Tue, 25 Jun 1996 01:51:04 -0700 (MST)
From: Don Yuniskis
Message-Id: <199606250851.BAA00894@seagull.rtd.com>
Subject: Re: I need help on this one - please help me track this guy down!
To: vince@mercury.gaianet.net (-Vince-)
Date: Tue, 25 Jun 1996 01:51:03 -0700 (MST)
Cc: mark@grumble.grondar.za, hackers@FreeBSD.ORG, security@FreeBSD.ORG, chad@mercury.gaianet.net, jbhunt@mercury.gaianet.net
In-Reply-To: from "-Vince-" at Jun 25, 96 00:28:34 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

It seems that -Vince- said:
>
> On Tue, 25 Jun 1996, Mark Murray wrote:
> >
> > In his home directory he places a script called "dir" that creates a
> > suid shell (silently) then prints the usual "command not found" error.
> >
> > He then phones you, asking for support, and tries to trick you into
> > running his script. Having "." in your path makes his trickery easier.
>
> Hmmm, that's only if we had phone support.... We don't :) but do
> admins really go run a program that the user said won't run?

Well, it *appears* that one of *you* did! :>
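
A defensive check for the "." in PATH problem discussed in this thread, added here as an example; it is not part of the original messages. The function names `audit_path` and `clean_path` and the sample PATH value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit_path and clean_path are hypothetical helper names.

# audit_path PATHSTRING
# Print one finding per PATH entry that resolves relative to the current
# directory; return 1 if any were found. Position in PATH does not matter:
# a name that exists nowhere else (like "dir" in the thread) is still
# picked up from "." even when "." is the last entry.
audit_path() {
    rest="$1:"      # trailing ':' so the final entry is also examined
    pos=0
    bad=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        pos=$((pos + 1))
        case "$entry" in
            "")   echo "entry $pos: empty entry, treated as the current directory"; bad=1 ;;
            /*)   ;;    # absolute path: fine for this check
            *)    echo "entry $pos: '$entry' is relative to the current directory"; bad=1 ;;
        esac
    done
    return "$bad"
}

# clean_path PATHSTRING
# Print PATHSTRING with every empty or relative entry removed.
clean_path() {
    rest="$1:"
    out=""
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case "$entry" in
            /*) out="${out:+$out:}$entry" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Constructed sample value, not taken from the thread.
SAMPLE='/usr/local/bin:/usr/bin:/bin:.'
audit_path "$SAMPLE" || echo "suggested PATH: $(clean_path "$SAMPLE")"
```

Running `audit_path "$PATH"` from root's login scripts gives a quick check that a privileged shell will never execute a file merely because it sits in the directory being inspected.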