Date: Tue, 13 Jul 1999 09:43:52 +1000 (EST)
From: Nicholas Brawn <ncb@zip.com.au>
To: Mike Tancsa <mike@sentex.net>
Cc: security@FreeBSD.ORG
Subject: Re: 3.x backdoor rootshell security hole
Message-ID: <Pine.LNX.4.05.9907130941420.5140-100000@zipper.zip.com.au>
In-Reply-To: <4.1.19990712080116.053e4430@granite.sentex.ca>

On Mon, 12 Jul 1999, Mike Tancsa wrote:

> Has anyone looked at the article below ? Here is a quote,
>
> "The following module was a nice idea I had when playing around with the
> proc structure. Load this module, and you can 'SU' without a password. The
> idea is very simple. The module implements a system call that gets one
> argument : a PID. This can be the PID of any process, but will normally be
> the PID of your user account shell (tcsh, sh, bash or whatever). This
> process will then become root (UID 0) by manipulating its cred structure.
> Here we go : "

If an unauthorised individual can get far enough to load rogue modules,
then you have far more important security issues to address first.

Nick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.05.9907130941420.5140-100000>