From owner-freebsd-hackers Tue Jun 25 02:22:35 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id CAA07119 for hackers-outgoing; Tue, 25 Jun 1996 02:22:35 -0700 (PDT) Received: from mercury.gaianet.net (root@mercury.gaianet.net [206.171.98.26]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id CAA07114; Tue, 25 Jun 1996 02:22:32 -0700 (PDT) Received: (from vince@localhost) by mercury.gaianet.net (8.7.5/8.6.12) id CAA20749; Tue, 25 Jun 1996 02:22:11 -0700 (PDT) Date: Tue, 25 Jun 1996 02:22:11 -0700 (PDT) From: -Vince- To: Don Yuniskis cc: dgy@rtd.com, mark@grumble.grondar.za, hackers@FreeBSD.ORG, security@FreeBSD.ORG, chad@mercury.gaianet.net, jbhunt@mercury.gaianet.net Subject: Re: I need help on this one - please help me track this guy down! In-Reply-To: <199606250903.CAA01576@seagull.rtd.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Tue, 25 Jun 1996, Don Yuniskis wrote: > It seems that -Vince- said: > > > > On Tue, 25 Jun 1996, Don Yuniskis wrote: > > > > > It seems that -Vince- said: > > > > Hmmm, that's only if we had phone support.... We don't :) but do > > > > admins really go run a program that the user said won't run? > > > > > > Well, it *appears* that one of *you* did! :> > > > > Well, jbhunt was the one who gave the user the account and the > > user just transferred the root which is /bin/sh with setuid and ran it > > and he got root.... > > Um, someone can (and undoubtedly *will* :>) correct me if I'm wrong > but there's *NO WAY* to install a setuid binary *without* having root > in the first place! So, he could copy the program onto your > machine and the system would strip the "setuid" bit automatically. > Otherwise, there's no point in the setuid mechanism as anyone could make > a setuid binary on their own system and just upload it to yours! Yeah, that's what I'm trying to figure out... Vince