Date: Tue, 25 Jun 1996 08:43:37 -0700 (PDT)
From: jbhunt <jbhunt@mercury.gaianet.net>
To: Michael Smith <msmith@atrad.adelaide.edu.au>
Cc: -Vince- <vince@mercury.gaianet.net>, mark@grumble.grondar.za, hackers@FreeBSD.ORG, security@FreeBSD.ORG, chad@mercury.gaianet.net
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <Pine.BSF.3.91.960625083734.1920B-100000@mercury.gaianet.net>
In-Reply-To: <199606251242.WAA00732@genesis.atrad.adelaide.edu.au>

On Tue, 25 Jun 1996, Michael Smith wrote:

> -Vince- stands accused of saying:
> >
> > Yeah, you have a point but jbhunt was watching the user as he
> > hacked root since he brought the file from his own machine.... so that
> > wasn't something the admin was tricked into doing..
>
> ... so jbhunt should know exactly what he did. If they don't, then
> you should sack them presto.
>
> But I don't think you understand; you cannot _make_ a file owned by
> root unless you are _already_ root.
>
> > Vince
>
> --
> ]] Mike Smith, Software Engineer msmith@atrad.adelaide.edu.au [[
> ]] Genesis Software genesis@atrad.adelaide.edu.au [[
> ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[
> ]] realtime instrument control (ph/fax) +61-8-267-3039 [[
> ]] Collector of old Unix hardware. "Where are your PEZ?" The Tick [[
>

Ok, this is jb. First off, all this "copied from here to there as root"
didn't happen. I gave this fella an account knowing more than likely if
we had a hole he would find it. Unfortunately I wasn't watching his tty
when he actually used whatever exploit he used. He obviously used a
setuid exploit, so I suggest that there is a new exploit out abusing a
setuid program somewhere on the system, because I know Vince fixed the
mount_union and current fixed the old ypwhich hack. Or actually maybe
not so old for some of you, but either way I did have to give him an
account before he could do anything. However, once inside it took him 2
minutes and he was root. I know for a fact it was his FIRST look inside
the system and I ran no scripts from his dir. That option is out, so
don't bother. I did start watching his tty after he took root but it was
too late. I am open to any suggestions any of you have; so far this
seems to be a very constructive group :>

John
SysAdmin
Gaianet