Date: Thu, 3 Dec 1998 02:55:53 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: dima@best.net, guido@gvr.org, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/etc master.passwd Message-ID: <19981203025553.A93963@nagual.pp.ru> In-Reply-To: <19981203023719.A87604@nagual.pp.ru>; from ache@nagual.pp.ru on Thu, Dec 03, 1998 at 02:37:19AM %2B0300 References: <19981203014511.A72032@nagual.pp.ru> <199812022329.PAA86705@burka.rdy.com> <19981203023719.A87604@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 03, 1998 at 02:37:19AM +0300, Andrey A. Chernov wrote: > Yes, but _after_ having root access once (suppose you close the hole > quickly) he can use your machine forever under operator account (without > root access) which is hardly detected because passwd unchanged. Just to add: system binaries unchanged too, no s-bit changes too, just directory with .cshrc which can leave forever undetected. -- Andrey A. Chernov http://www.nagual.pp.ru/~ache/ MTH/SH/HE S-- W-- N+ PEC>+ D A a++ C G>+ QH+(++) 666+>++ Y To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981203025553.A93963>