Date: Tue, 25 Jun 1996 07:03:31 -0700 From: mark thompson <thompson@tgsoft.com> To: hackers@freefall.freebsd.org Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <199606251403.HAA15335@squirrel.tgsoft.com> In-Reply-To: message from Don Yuniskis on Tue, 25 Jun 1996 02:03:35 -0700 (MST)
next in thread | raw e-mail | index | archive | help
It seems that -Vince- said: > > On Tue, 25 Jun 1996, Don Yuniskis wrote: > > > It seems that -Vince- said: > > > Hmmm, that's only if we had phone support.... We don't :) but do > > > admins really go run a program that the user said won't run? > > > > Well, it *appears* that one of *you* did! :> > > Well, jbhunt was the one who gave the user the account and the > user just transferred the root which is /bin/sh with setuid and ran it > and he got root.... Once upon a time, one of our nice users brought in a tape he wanted read. One of the guys logged in as root, hung the tape and untarred it into the nice user's directory. The tape contained a shell that was setuid root... but we didn't discover that 'till later. Seems this guy didn't want to *break* anything, but just wanted to admin the machine himself, being dissatisfied with us. Anyway, i learned several valuable lessons: 1) Scan the machine for setuid programs. Often. 2) Read user's tapes when logged in as the user. 3) If you are running a computer system, trust nobody. -mark
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606251403.HAA15335>