From owner-freebsd-security Tue Jun 25 02:04:19 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id CAA04860 for security-outgoing; Tue, 25 Jun 1996 02:04:19 -0700 (PDT)
Received: from seagull.rtd.com (root@seagull.rtd.com [198.102.68.2])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA04855;
    Tue, 25 Jun 1996 02:04:16 -0700 (PDT)
Received: (from dgy@localhost) by seagull.rtd.com (8.7.5/1.2)
    id CAA01576; Tue, 25 Jun 1996 02:03:35 -0700 (MST)
From: Don Yuniskis
Message-Id: <199606250903.CAA01576@seagull.rtd.com>
Subject: Re: I need help on this one - please help me track this guy down!
To: vince@mercury.gaianet.net (-Vince-)
Date: Tue, 25 Jun 1996 02:03:35 -0700 (MST)
Cc: dgy@rtd.com, mark@grumble.grondar.za, hackers@FreeBSD.ORG,
    security@FreeBSD.ORG, chad@mercury.gaianet.net, jbhunt@mercury.gaianet.net
In-Reply-To: from "-Vince-" at Jun 25, 96 01:52:02 am
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

It seems that -Vince- said:
>
> On Tue, 25 Jun 1996, Don Yuniskis wrote:
>
> > It seems that -Vince- said:
> > > Hmmm, that's only if we had phone support.... We don't :) but do
> > > admins really go run a program that the user said won't run?
> >
> > Well, it *appears* that one of *you* did! :>
>
> Well, jbhunt was the one who gave the user the account and the
> user just transferred the root which is /bin/sh with setuid and ran it
> and he got root....

Um, someone can (and undoubtedly *will* :>) correct me if I'm wrong
but there's *NO WAY* to install a setuid binary *without* having root
in the first place! So, he could copy the program onto your machine
and the system would strip the "setuid" bit automatically. Otherwise,
there's no point in the setuid mechanism as anyone could make a setuid
binary on their own system and just upload it to yours!
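
A check an administrator could run after an incident like the one discussed in this thread, given as an added example that is not part of the original message: it walks a directory tree and reports regular files carrying the setuid or setgid bit, noting the owner and whether the content is identical to a shell. The names `find_setid_files`, `sha256_of`, `allowlist` and the `/home` scan root are hypothetical choices made for this example.

```python
import hashlib
import os
import stat

def sha256_of(path):
    """Hash a file in chunks; return None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
    except OSError:
        return None
    return h.hexdigest()

def find_setid_files(root, shells=("/bin/sh",), allowlist=()):
    """Walk `root` without following symlinks and report every regular file
    with the setuid or setgid bit set that is not in `allowlist`.
    Each finding records the owner uid, the mode, and whether the content
    is byte-identical to one of `shells` (a setuid copy of a shell)."""
    shell_hashes = {sha256_of(s) for s in shells} - {None}
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            if path in allowlist:
                continue
            findings.append({
                "path": path,
                "uid": st.st_uid,
                "mode": oct(stat.S_IMODE(st.st_mode)),
                "setuid_root": bool(st.st_mode & stat.S_ISUID) and st.st_uid == 0,
                "shell_copy": sha256_of(path) in shell_hashes,
            })
    return findings

if __name__ == "__main__":
    # /home is an assumed scan root; pass any tree that users can write to.
    for finding in find_setid_files("/home"):
        print(finding)
```

A finding with both `setuid_root` and `shell_copy` set corresponds to the kind of file described in the quoted text; the allowlist is meant to hold the setuid programs the base system is known to ship.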