Date: Tue, 29 Jul 1997 01:28:13 -0400 From: "Gary Palmer" <gpalmer@FreeBSD.ORG> To: Vincent Poy <vince@mail.MCESTATE.COM> Cc: Nate Williams <nate@mt.sri.com>, "Jonathan A. Zdziarski" <jonz@netrail.net>, security@FreeBSD.ORG, JbHunt <johnnyu@accessus.net>, "[Mario1-]" <mario1@PrimeNet.Com> Subject: Re: security hole in FreeBSD Message-ID: <29452.870154093@orion.webspan.net> In-Reply-To: Your message of "Mon, 28 Jul 1997 21:12:44 PDT." <Pine.BSF.3.95.970728211109.3844i-100000@mail.MCESTATE.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
Vincent Poy wrote in message ID <Pine.BSF.3.95.970728211109.3844i-100000@mail.MCESTATE.COM>: > Nothing is unhackable. and the hacker did say it was the .rhosts > file along with perl5.00401 that did it. Nothing is foolproof. As evidenced by the fact you believe him. Questions that remain unanswered: 1) if he did use an .rhosts, how did the file get there? 2) I didn't know there was a setuid bug in perl 5.00401. What did he do to exploit perl? 3) Did you really talk to him on irc, or just some lamer pretending to have done the hack? and most importantly: 4) did you LEARN from this experience? If not, *WHY* not? Gary -- Gary Palmer FreeBSD Core Team Member FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?29452.870154093>