Date: Tue, 25 Jun 1996 01:52:02 -0700 (PDT)
From: -Vince- <vince@mercury.gaianet.net>
To: Don Yuniskis <dgy@rtd.com>
Cc: mark@grumble.grondar.za, hackers@FreeBSD.ORG, security@FreeBSD.ORG, chad@mercury.gaianet.net, jbhunt@mercury.gaianet.net
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <Pine.BSF.3.91.960625015113.21697o-100000@mercury.gaianet.net>
In-Reply-To: <199606250851.BAA00894@seagull.rtd.com>

On Tue, 25 Jun 1996, Don Yuniskis wrote:

> It seems that -Vince- said:
> >
> > On Tue, 25 Jun 1996, Mark Murray wrote:
> >
> > > In his home directory he places a script called "dir" that creates a
> > > suid shell (silently) then prints the usual "command not found" error.
> > >
> > > He then phones you, asking for support, and tries to trick you into
> > > running his script. Having "." in your path makes his trickery easier.
> >
> > Hmmm, that's only if we had phone support.... We don't :) but do
> > admins really go run a program that the user said won't run?
>
> Well, it *appears* that one of *you* did! :>

Well, jbhunt was the one who gave the user the account and the
user just transferred the root which is /bin/sh with setuid and ran it
and he got root....

Vince
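
The scenario quoted in this message depends on the shell searching the current directory for commands. As an added example (not part of the original thread), this shell function audits a PATH string for the entries that allow it: ".", empty entries and other relative entries. Going slightly beyond the message, it also flags world-writable directories; the function name and message texts are this example's own.

```sh
#!/bin/sh
# Added example: audit a PATH string for entries that let a file in the
# current directory (such as a planted "dir" script) run as a command.
# risky_path_entries is a name chosen for this example.
# Usage: risky_path_entries "$PATH"
# Prints one finding per line; returns 1 if anything was flagged, else 0.

risky_path_entries() {
    rpe_rest="$1:"      # trailing ':' keeps a final empty entry visible
    rpe_pos=0
    rpe_found=0
    while [ -n "$rpe_rest" ]; do
        rpe_entry=${rpe_rest%%:*}   # text before the first ':'
        rpe_rest=${rpe_rest#*:}     # everything after it
        rpe_pos=$((rpe_pos + 1))
        case $rpe_entry in
            "")
                # "::", a leading ':' or a trailing ':' all mean "."
                echo "entry $rpe_pos: empty entry (current directory)"
                rpe_found=1 ;;
            /*)
                # Absolute entry: anyone may plant files if others can write
                if [ -d "$rpe_entry" ] &&
                   [ -n "$(find "$rpe_entry" -prune -perm -0002 2>/dev/null)" ]
                then
                    echo "entry $rpe_pos: world-writable directory '$rpe_entry'"
                    rpe_found=1
                fi ;;
            *)
                # ".", "./bin", "bin": resolved against the working directory
                echo "entry $rpe_pos: relative entry '$rpe_entry'"
                rpe_found=1 ;;
        esac
    done
    return "$rpe_found"
}
```

Run it against root's PATH in particular, since that is the account the trick in the quoted text is aimed at.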