From owner-freebsd-stable Mon Jul 12 4:53:22 1999 Delivered-To: freebsd-stable@freebsd.org Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 8560314E2C; Mon, 12 Jul 1999 04:53:17 -0700 (PDT) (envelope-from mike@sentex.net) Received: from gravel (ospf-wat.sentex.net [209.167.248.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id HAA22149; Mon, 12 Jul 1999 07:53:16 -0400 (EDT) Message-Id: <4.1.19990712080116.053e4430@granite.sentex.ca> X-Sender: mdtancsa@granite.sentex.ca X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Mon, 12 Jul 1999 08:05:03 -0400 To: security@freebsd.org From: Mike Tancsa Subject: 3.x backdoor rootshell security hole Cc: stable@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Has anyone looked at the articled below ? Here is a quote, "The following module was a nice idea I had when playing around with the proc structure. Load this module, and you can 'SU' without a password. The idea is very simple. The module implements a system call that gets one argument : a PID. This can be the PID of any process, but will normally be the PID of your user account shell (tcsh, sh, bash or whatever). This process will then become root (UID 0) by manipulating its cred structure. Here we go : " >X-To: BUGTRAQ@securityfocus.com >To: BUGTRAQ@SECURITYFOCUS.COM >X-UIDL: 88369f61515db2b291adff1fa2ad57e7 > >Hi folks, > >THC released a new article dealing with FreeBSD 3.x >Kernel modules that can attack/backdoor the >system. >You can find our article on http://thc.pimmel.com or >http://r3wt.base.org. > >Greets, pragmatic / The Hacker's Choice ********************************************************************** Mike Tancsa, Network Admin * mike@sentex.net Sentex Communications Corp, * http://www.sentex.net/mike Cambridge, Ontario * 01.519.651.3400 Canada * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message