Date: Wed, 26 Jun 1996 09:22:58 +0200 (MESZ)
From: "Hr.Ladavac" <lada@ws2301.gud.siemens.co.at>
To: terry@lambert.org (Terry Lambert)
Cc: alk@Think.COM, jbhunt@mercury.gaianet.net, hackers@freebsd.org
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <199606260722.AA108163778@ws2301.gud.siemens.co.at>
In-Reply-To: <199606252143.OAA00994@phaeton.artisoft.com> from "Terry Lambert" at Jun 25, 96 02:43:37 pm

In his e-mail Terry Lambert wrote:
> > I suggest inducing the user to repeat her exploit.  Take the system
> > down.  Wipe the user's directory.  Bring it up, with a motd reporting
> > a disk crash, and partial restoration.  Log everything the user does.
> >
> > Or, you might just *ask*.  Most folks who hack a random ISP system do
> > it for fun, and love to brag about it.
>
> rcp preserves suid/sgid on the target system.  Now look for a writeable
> sticky directory...

Ten dollar gets you one it's called /tmp ...

No wonder people mount /var as nosuid noexec nodev and link /tmp to /var/tmp :)

/Marino

PS: you sure about rcp?  (I'm gonna try it anyway :)

>
>
> Terry Lambert
> terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.
>
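
The mount layout mentioned in the message can be checked mechanically. The following is an added example, not part of the original e-mail: it reads an fstab-style table, follows the /tmp to /var/tmp link, and reports which of nosuid, noexec and nodev are missing on the filesystem that actually holds a directory. The sample fstab, the device names, the link map and all function names are constructed for illustration.

```python
import posixpath
REQUIRED = ("nosuid", "noexec", "nodev")
# Constructed sample fstab, not taken from the original message.
SAMPLE_FSTAB = """\
# Device   Mountpoint  FStype  Options                  Dump  Pass
/dev/sd0a  /           ufs     rw                       1     1
/dev/sd0b  none        swap    sw                       0     0
/dev/sd0e  /var        ufs     rw,nosuid,noexec,nodev   2     2
/dev/sd0f  /usr        ufs     rw                       2     2
"""
SAMPLE_LINKS = {"/tmp": "/var/tmp"}  # constructed: /tmp linked to /var/tmp

def parse_fstab(text):
    """Return {mountpoint: set of options} for real filesystem entries."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1].startswith("/"):  # skips swap/comments
            mounts[posixpath.normpath(fields[1])] = set(fields[3].split(","))
    return mounts

def resolve(path, links):
    """Rewrite path through the symlink map; bounded so a loop cannot hang."""
    path = posixpath.normpath(path)
    for _ in range(16):
        for src, dst in links.items():
            if path == src or path.startswith(src + "/"):
                path = posixpath.normpath(dst + path[len(src):])
                break
        else:
            return path
    raise ValueError("symlink loop in link map")

def governing_mount(path, mounts):
    """Longest mountpoint that is a whole-component prefix of path."""
    hits = [m for m in mounts if m == "/" or path == m or path.startswith(m + "/")]
    return max(hits, key=len) if hits else None

def missing_options(path, mounts, links=None):
    """Return (mountpoint, required options absent from it) for path."""
    mount = governing_mount(resolve(path, links or {}), mounts)
    if mount is None:
        raise LookupError("no fstab entry covers " + path)
    return mount, [opt for opt in REQUIRED if opt not in mounts[mount]]

if __name__ == "__main__":
    table = parse_fstab(SAMPLE_FSTAB)
    for d in ("/tmp", "/var/tmp", "/usr/tmp"):
        print(d, *missing_options(d, table, SAMPLE_LINKS))
```

Without the link map, /tmp falls back to the root filesystem and all three options are reported missing, which is the case the symlink in the message is meant to avoid.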