Date: Tue, 25 Jun 1996 13:03:06 -0700 (PDT) From: -Vince- <vince@mercury.gaianet.net> To: "Eric J. Schwertfeger" <ejs@bfd.com> Cc: Mark Murray <mark@grumble.grondar.za>, hackers@FreeBSD.ORG, security@FreeBSD.ORG, Chad Shackley <chad@mercury.gaianet.net>, jbhunt <jbhunt@mercury.gaianet.net> Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <Pine.BSF.3.91.960625130237.25073B-100000@mercury.gaianet.net> In-Reply-To: <Pine.BSI.3.94.960625073731.15315A-100000@harlie.bfd.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Jun 1996, Eric J. Schwertfeger wrote: > On Tue, 25 Jun 1996, -Vince- wrote: > > > Yeah, you have a point but jbhunt was watching the user as he > > hacked root since he brought the file from his own machine.... so that > > wasn't something the admin was tricked into doing.. > > Then the important question is, how did he move the file so that it > retained the setuid bit? We're already pretty sure that the program is > only /bin/sh with the setuid bit turned on. So either he found a way to > move the file with the bit turned on, or he found a way to turn it on, > which reqires root access. It was a remote login so he had to transfer it over somehow... Vince
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960625130237.25073B-100000>