From owner-freebsd-security  Sun Aug 10 11:32:30 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id LAA04970
          for security-outgoing; Sun, 10 Aug 1997 11:32:30 -0700 (PDT)
Received: from shell.firehouse.net (brian@shell.firehouse.net [209.42.203.45])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA04957
          for <freebsd-security@FreeBSD.ORG>; Sun, 10 Aug 1997 11:32:27 -0700 (PDT)
Received: from localhost (brian@localhost)
	by shell.firehouse.net (8.8.5/8.8.5) with SMTP id OAA19104;
	Sun, 10 Aug 1997 14:32:15 -0400 (EDT)
Date: Sun, 10 Aug 1997 14:32:13 -0400 (EDT)
From: Brian Mitchell <brian@firehouse.net>
To: "Jonathan A. Zdziarski" <jonz@netrail.net>
cc: bugtraq@netspace.org, freebsd-security@FreeBSD.ORG
Subject: Re: procfs hole
In-Reply-To: <Pine.BSF.3.95q.970810102208.13506A-100000@netrail.net>
Message-ID: <Pine.BSI.3.95.970810143116.19099A-100000@shell.firehouse.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 10 Aug 1997, Jonathan A. Zdziarski wrote:

> I attempted to run it and got the following trying to run it with 'root'
> as the user (even providing the correct password):
> 
> Demonstration of 4.4BSD procfs hole
> Brian Mitchell <brian@firehouse.net>
> 
> after you see "setuid changed", enter the pw for the user
> Be warned, searching for the setuid() function takes a long time!
> Password:searching - please be patient...
> setuid changed (0x8046f64)
> 
> _su: Permission denied.

You also using a shell of tcsh or csh. As I noted, you need to change your
shell to /bin/sh or something similar (or use the -b argument). Judging by
the string, i'm guessing it is tcsh (as csh uses a diff string)