Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 29 Jul 1997 01:28:13 -0400
From:      "Gary Palmer" <gpalmer@FreeBSD.ORG>
To:        Vincent Poy <vince@mail.MCESTATE.COM>
Cc:        Nate Williams <nate@mt.sri.com>, "Jonathan A. Zdziarski" <jonz@netrail.net>, security@FreeBSD.ORG, JbHunt <johnnyu@accessus.net>, "[Mario1-]" <mario1@PrimeNet.Com>
Subject:   Re: security hole in FreeBSD 
Message-ID:  <29452.870154093@orion.webspan.net>
In-Reply-To: Your message of "Mon, 28 Jul 1997 21:12:44 PDT." <Pine.BSF.3.95.970728211109.3844i-100000@mail.MCESTATE.COM> 

next in thread | previous in thread | raw e-mail | index | archive | help
Vincent Poy wrote in message ID
<Pine.BSF.3.95.970728211109.3844i-100000@mail.MCESTATE.COM>:
> 	Nothing is unhackable.  and the hacker did say it was the .rhosts
> file along with perl5.00401 that did it.  Nothing is foolproof.

As evidenced by the fact you believe him. Questions that remain
unanswered:

1) if he did use an .rhosts, how did the file get there?

2) I didn't know there was a setuid bug in perl 5.00401. What did he
   do to exploit perl?

3) Did you really talk to him on irc, or just some lamer pretending to
   have done the hack?

and most importantly:

4) did you LEARN from this experience? If not, *WHY* not?

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?29452.870154093>