Date:      Tue, 25 Jun 1996 07:03:31 -0700
From:      mark thompson <thompson@tgsoft.com>
To:        hackers@freefall.freebsd.org
Subject:   Re: I need help on this one - please help me track this guy down!
Message-ID:  <199606251403.HAA15335@squirrel.tgsoft.com>
In-Reply-To: message from Don Yuniskis on Tue, 25 Jun 1996 02:03:35 -0700 (MST)

   It seems that -Vince- said:
   > 
   > On Tue, 25 Jun 1996, Don Yuniskis wrote:
   > 
   > > It seems that -Vince- said:
   > > > 	Hmmm, that's only if we had phone support.... We don't :)  but do 
   > > > admins really go run a program that the user said won't run?
   > > 
   > > Well, it *appears* that one of *you* did!  :>
   > 
   > 	Well, jbhunt was the one who gave the user the account and the 
   > user just transferred the root which is /bin/sh with setuid and ran it 
   > and he got root....  

Once upon a time, one of our nice users brought in a tape he wanted
read. One of the guys logged in as root, hung the tape and untarred it
into the nice user's directory.

The tape contained a shell that was setuid root... but we didn't
discover that 'till later.

Seems this guy didn't want to *break* anything, but just wanted to admin
the machine himself, being dissatisfied with us. Anyway, I learned
several valuable lessons:

1) Scan the machine for setuid programs. Often. 

2) Read user's tapes when logged in as the user.

3) If you are running a computer system, trust nobody.

-mark
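
Lesson 1 as an added example, not part of the original message: POSIX shell functions that list setuid/setgid files and report any that are absent from a saved baseline. The function names `list_suid` and `new_suid` and the baseline file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# list_suid, new_suid and the baseline file are hypothetical names.

# Print every regular file under directory $1 that carries the setuid
# or setgid bit, one path per line, sorted for later comparison.
# -xdev keeps find on a single filesystem; run once per mounted filesystem.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Print paths that are setuid/setgid under $1 now but are not listed in
# the baseline file $2 (a baseline is simply saved list_suid output).
new_suid() {
    scan=$(mktemp) || return 2
    list_suid "$1" > "$scan"
    # comm -13 keeps only lines unique to the second (current) file.
    LC_ALL=C comm -13 "$2" "$scan"
    rm -f "$scan"
}

# Typical use, from cron, as root:
#   list_suid / > /var/db/suid.baseline      # once, on a known-good system
#   new_suid / /var/db/suid.baseline         # afterwards; any output needs review
```

A setuid shell unpacked into a home directory, as in the story above, shows up as a new line in the `new_suid` output on the next run.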


