Date: Tue, 25 Jun 1996 12:02:23 +0200 From: Mark Murray <mark@grumble.grondar.za.@grondar.za> To: -Vince- <vince@mercury.gaianet.net> Cc: Don Yuniskis <dgy@rtd.com>, mark@grumble.grondar.za, hackers@FreeBSD.ORG, security@FreeBSD.ORG, chad@mercury.gaianet.net, jbhunt@mercury.gaianet.net Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <199606251002.MAA09345@grumble.grondar.za>
next in thread | raw e-mail | index | archive | help
-Vince- wrote: > On Tue, 25 Jun 1996, Don Yuniskis wrote: > > > Hmmm, that's only if we had phone support.... We don't :) but do > > > admins really go run a program that the user said won't run? > > > > Well, it *appears* that one of *you* did! :> > > Well, jbhunt was the one who gave the user the account and the > user just transferred the root which is /bin/sh with setuid and ran it > and he got root.... Review that. _Carefully_. I think you are seriously WRONG there. That user did something sneaky, and you did not see it. M -- Mark Murray 46 Harvey Rd, Claremont, Cape Town 7700, South Africa +27 21 61-3768 GMT+0200 Finger mark@grondar.za for PGP key
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606251002.MAA09345>