Date: Mon, 12 Jul 1999 21:26:21 +0930 (CST) From: Mark Newton <newton@atdot.dotat.org> To: mike@sentex.net (Mike Tancsa) Cc: security@FreeBSD.ORG, stable@FreeBSD.ORG Subject: Re: 3.x backdoor rootshell security hole Message-ID: <199907121156.VAA05155@atdot.dotat.org> In-Reply-To: <4.1.19990712080116.053e4430@granite.sentex.ca> from "Mike Tancsa" at Jul 12, 99 08:05:03 am
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa wrote:
> Has anyone looked at the articled below ? Here is a quote,
> "The following module was a nice idea I had when playing around with the
> proc structure. Load this module, and you can 'SU' without a password.
If you have enough privileges to load a module, you have enough
privileges to su without a password already (by creating an suid
shell, for example)
- mark
--------------------------------------------------------------------
I tried an internal modem, newton@atdot.dotat.org
but it hurt when I walked. Mark Newton
----- Voice: +61-4-1620-2223 ------------- Fax: +61-8-82231777 -----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907121156.VAA05155>