Date: Mon, 15 Sep 1997 09:02:16 +0200 From: j@uriah.heep.sax.de (J Wunsch) To: freebsd-hackers@FreeBSD.ORG Subject: Re: Why SPERL? Message-ID: <19970915090216.CL25419@uriah.heep.sax.de> In-Reply-To: <Pine.BSF.3.96.970915062637.22299A-100000@krusty.the.clown.engelska.se>; from Existence is Futile on Sep 15, 1997 06:30:43 %2B0200 References: <Pine.BSF.3.96.970915062637.22299A-100000@krusty.the.clown.engelska.se>
next in thread | previous in thread | raw e-mail | index | archive | help
As Existence is Futile wrote: > Someone posted a similar message earlier, but I never saw a reply (might > have been because the mailserver for this domain is Linux.. hehe). Then you didn't read very carefully. > Why does even the latest RELENG (that I've used) include sperl4.036? Because we have fixed all known security holes. > when > it's a well known way to get root? it came in handy today when some guy > couldn't su because he wasnt in the wheel group and couldn't login as root > any other way (being 45 minutes away). But, it's a serious security flaw! j@uriah 104% make sperl cc -O2 -m486 -pipe sperl.c -o sperl j@uriah 105% ./sperl #‰^ N Can't open perl script " 1Ò‰V‰V‰VsVx1À°; ‰ÊRQSPëwèØÿÿÿ/bin/sh````aaaabbbbcccccoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿^[[?1;2cïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ïoÕ¿ï": File name too long > Of course, this may have already been fixed and I'm just blowing hot air > all around, but its an old exploit and the august releng's at least > include it. Which August? I've fixed it on August 8, 1996 (although i've missed a few function calls originally). -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970915090216.CL25419>