Date: Mon, 12 Jul 1999 08:05:03 -0400 From: Mike Tancsa <mike@sentex.net> To: security@freebsd.org Cc: stable@freebsd.org Subject: 3.x backdoor rootshell security hole Message-ID: <4.1.19990712080116.053e4430@granite.sentex.ca>
next in thread | raw e-mail | index | archive | help
Has anyone looked at the articled below ? Here is a quote, "The following module was a nice idea I had when playing around with the proc structure. Load this module, and you can 'SU' without a password. The idea is very simple. The module implements a system call that gets one argument : a PID. This can be the PID of any process, but will normally be the PID of your user account shell (tcsh, sh, bash or whatever). This process will then become root (UID 0) by manipulating its cred structure. Here we go : " >X-To: BUGTRAQ@securityfocus.com >To: BUGTRAQ@SECURITYFOCUS.COM >X-UIDL: 88369f61515db2b291adff1fa2ad57e7 > >Hi folks, > >THC released a new article dealing with FreeBSD 3.x >Kernel modules that can attack/backdoor the >system. >You can find our article on http://thc.pimmel.com or >http://r3wt.base.org. > >Greets, pragmatic / The Hacker's Choice ********************************************************************** Mike Tancsa, Network Admin * mike@sentex.net Sentex Communications Corp, * http://www.sentex.net/mike Cambridge, Ontario * 01.519.651.3400 Canada * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19990712080116.053e4430>