Date:      Wed, 31 Dec 1997 09:12:43 +0800 (WST)
From:      Michael Slater <mikey@atlas.iexpress.net.au>
To:        "Eric C. S. Dynamic" <ecsd@transbay.net>
Cc:        isp@FreeBSD.ORG, security@FreeBSD.ORG, Wut!? <geniusj@bsd.dialup.bestweb.net>
Subject:   Re: Two sources for system-cracking tools
Message-ID:  <Pine.LNX.3.95.971231091122.14140A-100000@atlas.iexpress.net.au>
In-Reply-To: <34A98FA3.42877E5C@transbay.net>

That actually happened to me once, but it was a while ago when I was using
the buggy version of wu.ftpd. I fixed that particular bug a while ago.

Michael

On Tue, 30 Dec 1997, Eric C. S. Dynamic wrote:

> Mike wrote:
> > On Tue, 30 Dec 1997, Wut!? wrote:
> > > Yeah, Rootshell.com isn't very good with his information, and there is a
> > > very simple explanation why .. (He runs linux!)..
> > 
> > [...]- saying "He runs linux" is an
> > explanation for poor logic is like saying [...]
> 
> He (rootshell) got the data from somewhere, maybe it's wrong.
> No point in being bigoted against Linux. When I justify choosing
> FreeBSD over Linux I just tell people it's real BSD and that it
> has a reputation for being more robust, that we use it and there's
> only one kind. And I don't care to learn about another sorta-similar,
> sorta-different system unless I have to (no time.)
> 
> Meanwhile, I reported those two sources for hacker-stuff out as a
> notice (what land doc said of itself) and a question (does teardrop
> work if you're not using the firewall.) Someone hacked our system
> by creating an executable suid-root copy of /bin/sh in /tmp,
> and this is the second time someone's been able to do that, this
> time I discovered it about 12 minutes after the file was created,
> but I'd like to know "how they do that" and I'd like to plug the
> hole. The user I axed had a dozen-plus hack'em crack'em thingys
> lying around, for experimentation. Maybe one of them works, but
> which one? A lot of them try to manipulate the stack at a machine
> level, apparently.
> 
> If the suid-root /bin/sh in /tmp rings a bell, let me know a
> countermeasure. Thanks.
> 
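
For the set-uid copy of /bin/sh in /tmp described in the quoted message, a detection sketch follows. It is an added example, not code from anyone in this thread; the function names `find_suid`, `is_shell_copy` and `audit_tmp` are hypothetical, and the scan assumes file names without embedded newlines.

```shell
#!/bin/sh
# Added example: audit world-writable scratch directories for set-uid files
# and flag any that are byte-for-byte copies of a shell.
# Usage (typically from cron, as root): audit_tmp /tmp /var/tmp

# Print every set-uid regular file under the given directories, one per line.
find_suid() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -xdev stays on one filesystem; -perm -4000 matches the set-uid bit.
        find "$dir" -xdev -type f -perm -4000 -print 2>/dev/null
    done
}

# Succeed if FILE is identical to /bin/sh or to a shell listed in /etc/shells.
is_shell_copy() {
    for shell in /bin/sh $(grep '^/' /etc/shells 2>/dev/null); do
        [ -f "$shell" ] && cmp -s "$1" "$shell" && return 0
    done
    return 1
}

# Report each finding with its numeric owner; uid=0 means set-uid root.
audit_tmp() {
    find_suid "$@" | while IFS= read -r f; do
        owner=$(ls -ldn "$f" | awk '{print $3}')
        if is_shell_copy "$f"; then
            echo "ALERT set-uid shell copy uid=$owner $f"
        else
            echo "WARN set-uid file uid=$owner $f"
        fi
    done
}
```

Mounting /tmp with the `nosuid` option makes the kernel ignore the set-uid bit on that filesystem, so a scan like this then serves as detection of the attempt. It does not identify which hole was used to create the file.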
