Date:      Mon, 12 Jul 1999 23:53:15 +0900
From:      "Daniel C. Sobral" <dcs@newsguy.com>
To:        Mike Tancsa <mike@sentex.net>
Cc:        security@FreeBSD.ORG, stable@FreeBSD.ORG
Subject:   Re: 3.x backdoor rootshell security hole
Message-ID:  <378A015B.2CBE0569@newsguy.com>
References:  <4.1.19990712080116.053e4430@granite.sentex.ca>

Mike Tancsa wrote:
> 
> Has anyone looked at the article below? Here is a quote,
> 
> "The following module was a nice idea I had when playing around with the
> proc structure. Load this module, and you can 'SU' without a password. The
> idea is very simple. The module implements a system call that gets one
> argument : a PID. This can be the PID of any process, but will normally be
> the PID of your user account shell (tcsh, sh, bash or whatever). This
> process will then become root (UID 0) by manipulating its cred structure.
> Here we go : "

All of the article assumes you have got into root first. Once you
get root, you can do anything. The article just shows how.

Or, more to the point, the article doesn't show *any* exploit.

--
Daniel C. Sobral			(8-DCS)
dcs@newsguy.com
dcs@freebsd.org

	I'm one of those bad things that happen to good people.

