Date: Thu, 27 Jun 1996 10:43:12 +0930 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: vince@mercury.gaianet.net (-Vince-) Cc: security@FreeBSD.ORG, chad@mercury.gaianet.net, jbhunt@mercury.gaianet.n Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <199606270113.KAA08033@genesis.atrad.adelaide.edu.au> In-Reply-To: <Pine.BSF.3.91.960626135432.2935B-100000@mercury.gaianet.net> from "-Vince-" at Jun 26, 96 01:55:05 pm
next in thread | previous in thread | raw e-mail | index | archive | help
-Vince- stands accused of saying: > > > > Well, *if* that's true, it still wouldn't be setuid root just from the > > transfer. He'd *still* have to get root some other way to make this > > binary setuid root. > > > > But if he's going to do that, why bother copying a binary over the > > network -- it would just be easier to just snag a copy of your own > > /bin/sh and mark it setuid root. > > Hmmm, what happens if he tars it first and then sends it over? Vince, you are, like, _spectacularly_ dim. Tar is a program. It reads datafiles, and writes new files based on what it reads. It is not magic. If it reads a tarfile that tells it to create a setuid root file, it will try to do so. Note that about half a dozen people have said _very_plainly_ that to create or make a setuid root file one _must_already_be_root_. Or am I just wasting my ulcer on you? > Vince -- ]] Mike Smith, Software Engineer msmith@atrad.adelaide.edu.au [[ ]] Genesis Software genesis@atrad.adelaide.edu.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control (ph/fax) +61-8-267-3039 [[ ]] Collector of old Unix hardware. "Where are your PEZ?" The Tick [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606270113.KAA08033>