Date: Tue, 25 Jun 96 15:02:08 +0000 From: Andrew.Gordon@net-tel.co.uk To: list:; Cc: security@freebsd.org Subject: Re(2): I need help on this one - please help me track this guy down! Message-ID: <"811-960625150230-D047*/G=Andrew/S=Gordon/O=NET-TEL Computer Systems Ltd/PRMD=NET-TEL/ADMD=Gold 400/C=GB/"@MHS> In-Reply-To: <199606251242.WAA00732@genesis.atrad.adelaide.edu.au>
index | next in thread | previous in thread | raw e-mail
> -Vince- stands accused of saying: > > > > Yeah, you have a point but jbhunt was watching the user as he > > hacked root since he brought the file from his own machine.... so that > > wasn't something the admin was tricked into doing.. But what file transfer mechanism was used? NFS maybe? Certainly a simple NFS mount of an untrusted machine is a dangerous thing to do, since setuids on those files will be obeyed. Maybe you allow this via an incautious AMD map? Personally, I like to mount all NFS filesystems "nosuid" - and likewise for all local systems exported by NFS (I don't normally export / or /usr). Most users have no business creating setuid programs in their filespace, and such a policy would most likely have prevented this breach even if the setuid binary was created by some other means.home | help