Date: Tue, 25 Jun 1996 13:14:42 -0700 (PDT)
From: -Vince- <vince@mercury.gaianet.net>
To: mark thompson <thompson@tgsoft.com>
Cc: hackers@freefall.freebsd.org, Chad Shackley <chad@mercury.gaianet.net>, jbhunt <jbhunt@mercury.gaianet.net>, security@freebsd.org
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <Pine.BSF.3.91.960625131354.25073E-100000@mercury.gaianet.net>
In-Reply-To: <199606251403.HAA15335@squirrel.tgsoft.com>

On Tue, 25 Jun 1996, mark thompson wrote:

> It seems that -Vince- said:
> >
> > On Tue, 25 Jun 1996, Don Yuniskis wrote:
> >
> > > It seems that -Vince- said:
> > > > Hmmm, that's only if we had phone support.... We don't :) but do
> > > > admins really go run a program that the user said won't run?
> > >
> > > Well, it *appears* that one of *you* did! :>
> >
> > Well, jbhunt was the one who gave the user the account and the
> > user just transferred the root which is /bin/sh with setuid and ran it
> > and he got root....
>
> Once upon a time, one of our nice users brought in a tape he wanted
> read. One of the guys logged in as root, hung the tape and untarred it
> into the nice user's directory.
>
> The tape contained a shell that was setuid root... but we didn't
> discover that 'till later.
>
> Seems this guy didn't want to *break* anything, but just wanted to admin
> the machine himself, being dissatisfied with us. Anyway, i learned
> several valuable lessons:
>
> 1) Scan the machine for setuid programs. Often.
>
> 2) Read user's tapes when logged in as the user.
>
> 3) If you are running a computer system, trust nobody.

This is very true....

Vince
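
Lesson 1 in the quoted message (scan for setuid programs, often), as an added example that is not part of the original thread: a scan that is diffed against a saved baseline, so a newly planted setuid file stands out from the ones the system ships with. The function names, the baseline-file approach and the scratch tree in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list setuid/setgid files and diff
# them against a saved baseline so that a new one is easy to spot.
# Paths containing newlines are not handled by this line-based comparison.

# Print every regular file under $1 that has the setuid or setgid bit, sorted.
# -xdev keeps find on one filesystem; run it once per mounted filesystem.
suid_scan() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Print files present in a fresh scan of $1 but absent from baseline file $2.
# The baseline must have been produced by suid_scan (same sort order).
suid_new() {
    _cur=$(mktemp) || return 1
    suid_scan "$1" > "$_cur"
    LC_ALL=C comm -13 "$2" "$_cur"   # -13: keep lines unique to the new scan
    rm -f "$_cur"
}

# Constructed demo: a scratch tree of empty files stands in for a real system.
suid_demo() {
    _root=$(mktemp -d) || return 1
    mkdir -p "$_root/usr/bin" "$_root/home/user"

    # An expected setuid program, recorded in the baseline.
    : > "$_root/usr/bin/passwd"
    chmod 4755 "$_root/usr/bin/passwd"
    suid_scan "$_root" > "$_root/baseline"

    # Later, a setuid file appears in a user's directory (as in the tape story).
    : > "$_root/home/user/sh"
    chmod 4755 "$_root/home/user/sh"

    # Report only what is new, with the scratch prefix stripped.
    suid_new "$_root" "$_root/baseline" | sed "s|^$_root||"
    rm -rf "$_root"
}

suid_demo
```

On a real host the scan would start at `/` and run as root from a scheduled job, with the baseline kept where an ordinary account cannot rewrite it.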