Date: Tue, 25 Jun 1996 07:40:34 -0700 (PDT) From: "Eric J. Schwertfeger" <ejs@bfd.com> To: -Vince- <vince@mercury.gaianet.net> Cc: Mark Murray <mark@grumble.grondar.za>, hackers@FreeBSD.ORG, security@FreeBSD.ORG, Chad Shackley <chad@mercury.gaianet.net>, jbhunt <jbhunt@mercury.gaianet.net> Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <Pine.BSI.3.94.960625073731.15315A-100000@harlie.bfd.com> In-Reply-To: <Pine.BSF.3.91.960625013911.21697n-100000@mercury.gaianet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Jun 1996, -Vince- wrote: > Yeah, you have a point but jbhunt was watching the user as he > hacked root since he brought the file from his own machine.... so that > wasn't something the admin was tricked into doing.. Then the important question is, how did he move the file so that it retained the setuid bit? We're already pretty sure that the program is only /bin/sh with the setuid bit turned on. So either he found a way to move the file with the bit turned on, or he found a way to turn it on, which reqires root access.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.94.960625073731.15315A-100000>