Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 26 Jun 1996 13:55:05 -0700 (PDT)
From:      -Vince- <vince@mercury.gaianet.net>
To:        "Michael L. VanLoon -- HeadCandy.com" <michaelv@HeadCandy.com>
Cc:        "Eric J. Schwertfeger" <ejs@bfd.com>, Mark Murray <mark@grumble.grondar.za>, hackers@freebsd.org, security@freebsd.org, Chad Shackley <chad@mercury.gaianet.net>, jbhunt <jbhunt@mercury.gaianet.net>
Subject:   Re: I need help on this one - please help me track this guy down! 
Message-ID:  <Pine.BSF.3.91.960626135432.2935B-100000@mercury.gaianet.net>
In-Reply-To: <199606260511.WAA00500@MindBender.HeadCandy.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Jun 1996, Michael L. VanLoon -- HeadCandy.com wrote:

> >On Tue, 25 Jun 1996, Eric J. Schwertfeger wrote:
> >> On Tue, 25 Jun 1996, -Vince- wrote:
> 
> >> > 	Yeah, you have a point but jbhunt was watching the user as he 
> >> > hacked root since he brought the file from his own machine.... so that 
> >> > wasn't something the admin was tricked into doing..
> 
> >> Then the important question is, how did he move the file so that it
> >> retained the setuid bit?  We're already pretty sure that the program is
> >> only /bin/sh with the setuid bit turned on.  So either he found a way to
> >> move the file with the bit turned on, or he found a way to turn it on,
> >> which reqires root access.
> 
> >	It was a remote login so he had to transfer it over somehow...
> 
> Well, *if* that's true, it still wouldn't be setuid root just from the
> transfer.  He'd *still* have to get root some other way to make this
> binary setuid root.
> 
> But if he's going to do that, why bother copying a binary over the
> network -- it would just be easier to just snag a copy of your own
> /bin/sh and mark it setuid root.

	Hmmm, what happens if he tars it first and then sends it over?

Vince




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960626135432.2935B-100000>