From owner-freebsd-hackers Thu Jun 27 11:23:07 1996 Return-Path: owner-hackers Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA15146 for hackers-outgoing; Thu, 27 Jun 1996 11:23:07 -0700 (PDT) Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA15133 for ; Thu, 27 Jun 1996 11:22:46 -0700 (PDT) Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id LAA05413; Thu, 27 Jun 1996 11:21:23 -0700 From: Terry Lambert Message-Id: <199606271821.LAA05413@phaeton.artisoft.com> Subject: Re: I need help on this one - please help me track this guy down! To: mbarkah@hemi.com (Ade Barkah) Date: Thu, 27 Jun 1996 11:21:23 -0700 (MST) Cc: terry@lambert.org, hackers@freebsd.org In-Reply-To: <199606270141.TAA25732@hemi.com> from "Ade Barkah" at Jun 26, 96 07:41:58 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > rcp preserves suid/sgid on the target system. Now look for a > > writeable sticky directory... > > I don't think this is true... even if it were, now the user owns > a setuid/setgid file, no big deal. Directory ownership can determine file ownership -- or at least group ownership. Easy to build group wheel, bin, or kmem binaries, assuming writable directories somewhere. Alternately, of you have mounted via an SVR3 NFS system, you can "give away" the file or directory to root via chmod. Where there is a will, there is a way. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.