From owner-freebsd-security Mon Jul 28 22:28:21 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id WAA10626 for security-outgoing; Mon, 28 Jul 1997 22:28:21 -0700 (PDT)
Received: from mail.webspan.net (root@mail.webspan.net [206.154.70.7]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA10620 for ; Mon, 28 Jul 1997 22:28:19 -0700 (PDT)
Received: from orion.webspan.net (orion.webspan.net [206.154.70.5]) by mail.webspan.net (WEBSPAN/970608) with ESMTP id BAA21313; Tue, 29 Jul 1997 01:28:13 -0400 (EDT)
Received: from orion.webspan.net (localhost [127.0.0.1]) by orion.webspan.net (WEBSPAN/970608) with ESMTP id BAA29455; Tue, 29 Jul 1997 01:28:13 -0400 (EDT)
To: Vincent Poy
cc: Nate Williams , "Jonathan A. Zdziarski" , security@FreeBSD.ORG, JbHunt , "[Mario1-]"
From: "Gary Palmer"
Subject: Re: security hole in FreeBSD
In-reply-to: Your message of "Mon, 28 Jul 1997 21:12:44 PDT."
Date: Tue, 29 Jul 1997 01:28:13 -0400
Message-ID: <29452.870154093@orion.webspan.net>
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Vincent Poy wrote in message ID :
> Nothing is unhackable. and the hacker did say it was the .rhosts
> file along with perl5.00401 that did it.

Nothing is foolproof. As evidenced by the fact you believe him.

Questions that remain unanswered:

1) if he did use an .rhosts, how did the file get there?

2) I didn't know there was a setuid bug in perl 5.00401. What did he
   do to exploit perl?

3) Did you really talk to him on irc, or just some lamer pretending to
   have done the hack?

and most importantly:

4) did you LEARN from this experience? If not, *WHY* not?

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info