Date: Wed, 26 Jun 1996 13:55:05 -0700 (PDT)
From: -Vince- <vince@mercury.gaianet.net>
To: "Michael L. VanLoon -- HeadCandy.com" <michaelv@HeadCandy.com>
Cc: "Eric J. Schwertfeger" <ejs@bfd.com>, Mark Murray <mark@grumble.grondar.za>, hackers@freebsd.org, security@freebsd.org, Chad Shackley <chad@mercury.gaianet.net>, jbhunt <jbhunt@mercury.gaianet.net>
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <Pine.BSF.3.91.960626135432.2935B-100000@mercury.gaianet.net>
In-Reply-To: <199606260511.WAA00500@MindBender.HeadCandy.com>

On Tue, 25 Jun 1996, Michael L. VanLoon -- HeadCandy.com wrote:

> >On Tue, 25 Jun 1996, Eric J. Schwertfeger wrote:
> >> On Tue, 25 Jun 1996, -Vince- wrote:
>
> >> > Yeah, you have a point but jbhunt was watching the user as he
> >> > hacked root since he brought the file from his own machine.... so that
> >> > wasn't something the admin was tricked into doing..
>
> >> Then the important question is, how did he move the file so that it
> >> retained the setuid bit? We're already pretty sure that the program is
> >> only /bin/sh with the setuid bit turned on. So either he found a way to
> >> move the file with the bit turned on, or he found a way to turn it on,
> >> which requires root access.
>
> > It was a remote login so he had to transfer it over somehow...
>
> Well, *if* that's true, it still wouldn't be setuid root just from the
> transfer. He'd *still* have to get root some other way to make this
> binary setuid root.
>
> But if he's going to do that, why bother copying a binary over the
> network -- it would just be easier to just snag a copy of your own
> /bin/sh and mark it setuid root.

Hmmm, what happens if he tars it first and then sends it over?

Vince
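
The following is an added example, not part of the original message or thread. It builds a constructed tar archive in memory and audits it for setuid/setgid entries: the archive header can record mode 4755 and uid 0, but whether the extracted file ends up owned by root depends on who extracts it. The archive contents, file names, uid 1001 and the helper `effective_owner_after_extract` are assumptions made for illustration; the helper only models the standard Unix rule that an unprivileged process cannot give a file to another uid.

```python
import io
import stat
import tarfile


def build_sample_archive() -> bytes:
    """Constructed sample: one entry recorded as setuid root, one ordinary file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, uid in (("sh-copy", 0o4755, 0), ("notes.txt", 0o644, 1001)):
            data = b"placeholder\n"
            info = tarfile.TarInfo(name)
            info.mode, info.uid, info.size = mode, uid, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def find_privileged_members(archive: bytes):
    """Return (name, octal mode, recorded uid) for setuid/setgid regular files."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for m in tar.getmembers():
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((m.name, oct(m.mode), m.uid))
    return hits


def effective_owner_after_extract(recorded_uid: int, extracting_uid: int) -> int:
    """Model (assumption): only uid 0 can restore the recorded owner on extraction;
    a file extracted by any other user is owned by that user."""
    return recorded_uid if extracting_uid == 0 else extracting_uid


if __name__ == "__main__":
    for name, mode, uid in find_privileged_members(build_sample_archive()):
        print(name, mode, "recorded uid", uid,
              "-> owner if uid 1001 extracts:",
              effective_owner_after_extract(uid, 1001))
```

Running the audit before extraction shows which entries carry the bit; a setuid bit on a file owned by the extracting user grants only that user's own privileges.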