Date: Mon, 24 Jun 1996 17:28:45 -0700 (PDT) From: -Vince- <vince@mercury.gaianet.net> To: Gary Palmer <gpalmer@FreeBSD.ORG> Cc: hackers@FreeBSD.ORG, security@FreeBSD.ORG, Chad Shackley <chad@mercury.gaianet.net>, jbhunt <jbhunt@mercury.gaianet.net> Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <Pine.BSF.3.91.960624172711.21697R-100000@mercury.gaianet.net> In-Reply-To: <27780.835661925@palmer.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Jun 1996, Gary Palmer wrote: > [ CC: Trimmed ] > > > Yeah, that's the real question is like if he can transfer the > > binary from another machine and have it work... other people can do the > > same thing and gain access to FreeBSD boxes as root as long as they have > > a account on that machine... > > Sort of. You need root access in the first place to create a suid root > shell... It could be an old exploit that is now closed (like the > mount_union loophole)... Yeah, I was thinking you do need to be root in the first place to do it. I think this guy got a account after ther mount_union loophole since we're running -current and -current did fix the security problems... Vince
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960624172711.21697R-100000>