Date: Mon, 24 Jun 1996 13:36:51 -0700 (PDT) From: Veggy Vinny <richardc@CSUA.Berkeley.EDU> To: Mark Murray <mark@grumble.grondar.za> Cc: Mark Murray <mark@grumble.grondar.za>, Wilko Bulte <wilko@yedi.iaf.nl>, "Jordan K. Hubbard" <jkh@time.cdrom.com>, guido@gvr.win.tue.nl, hackers@freebsd.org, security@freebsd.org, ache@freebsd.org Subject: Re: I need help on this one - please help me track this guy down! Message-ID: <Pine.PTX.3.91.960624133210.14727i-100000@soda.CSUA.Berkeley.EDU> In-Reply-To: <199606242027.WAA06360@grumble.grondar.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Jun 1996, Mark Murray wrote: > Veggy Vinny wrote: > > > Take claims like this with a pinch of salt. ;-) > > > > I know but I tried it and it does let me run vipw ;-) > > > > > What is the program? If we know how it works, we can fix any secuity hole > > > it may be exploiting. > > > > Hmmm, the program is called root, no sources.. it's just a 278k > > binary... > > With a setuid bit? Not too sure... > Does ktrace(1) give any clues? Nope... :-( > What do you get from strings(1)? (Long shot..) -rwsr-xr-x 1 root users 278528 Jun 18 04:01 root is from the dir listing. as for strings... it's really long... > What other exploration have you done? Not much really..... I do remember seeing someone like hack root using ypwhich and it worked too.... that was on 2.1R... -current seemed to fix it... Vince GaiaNet System Administration
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.PTX.3.91.960624133210.14727i-100000>