From owner-freebsd-hackers  Mon Jun 24 17:21:04 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id RAA25963
          for hackers-outgoing; Mon, 24 Jun 1996 17:21:04 -0700 (PDT)
Received: from palmer.demon.co.uk (palmer.demon.co.uk [158.152.50.150])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id RAA25935;
          Mon, 24 Jun 1996 17:20:54 -0700 (PDT)
Received: from palmer.demon.co.uk (localhost [127.0.0.1])
          by palmer.demon.co.uk (sendmail/PALMER-2) with ESMTP id BAA27782;
          Tue, 25 Jun 1996 01:18:48 +0100 (BST)
To: -Vince- <vince@mercury.gaianet.net>
cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG
From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
Subject: Re: I need help on this one - please help me track this guy down! 
In-reply-to: Your message of "Mon, 24 Jun 1996 16:54:26 PDT."
             <Pine.BSF.3.91.960624165238.21697L-100000@mercury.gaianet.net> 
Date: Tue, 25 Jun 1996 01:18:45 +0100
Message-ID: <27780.835661925@palmer.demon.co.uk>
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk


[ CC: Trimmed ]

> 	Yeah, that's the real question is like if he can transfer the 
> binary from another machine and have it work... other people can do the 
> same thing and gain access to FreeBSD boxes as root as long as they have 
> a account on that machine...

Sort of. You need root access in the first place to create a suid root
shell... It could be an old exploit that is now closed (like the
mount_union loophole)...

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info