Aucbvax.2953
fa.unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Sat Sep  5 06:25:57 1981
Re: /usr/spool/mail
>From MathStat.jmrubin@Berkeley Sat Sep  5 06:15:14 1981
       From csvax:unix-wizards Sat Sep  5 05:33:33 1981
       Subject:  Re: /usr/spool/mail
       Newsgroups: fa.unix-wizards
       >From James.Gosling@CMU-10A Sat Sep  5 05:23:07 1981
       If /usr/spool/mail is writable it's really easy to become super-user.

       1. copy the shell to the file /usr/spool/mail/root
       2. make it suid
       3. send mail to root

       When the mail is sent to root the delivery program only appends the mail to
       the mailbox and chowns the file to root.  *poof* you have a suid root shell.
       The easiest way to stop this is to not have /usr/spool/mail be writable.

                                               James.


       I don't think this would work because writing on a setuid file
usually shuts off the setuid bits (and setgid bits); of course, this is
installation dependent.  Of course, chown is a privileged call, but
I suspect chown also turns off the setuid bits.  (If it doesn't, then
it should!)
                                       Joel Rubin
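
Added example, not part of the original posts: a Python check for the condition discussed in this thread. It reports whether a mail spool directory is writable by all users and whether any regular file in it carries setuid or setgid bits. The function name `audit_spool` and the finding labels are assumptions made for this example; the default path is the one named in the thread.

```python
import os
import stat
import sys


def audit_spool(path):
    """Return a list of (finding, path) tuples for a mail spool directory.

    Finding labels are made up for this example:
      world-writable-dir  any user can create files in the spool
      setid-mailbox       a regular file in the spool has setuid/setgid set
    """
    findings = []
    dir_mode = os.stat(path).st_mode
    if not stat.S_ISDIR(dir_mode):
        raise NotADirectoryError(path)

    # Precondition named in the thread: the spool directory is writable
    # by users other than the owner and group.
    if dir_mode & stat.S_IWOTH:
        findings.append(("world-writable-dir", path))

    # A mailbox is plain data; setuid or setgid bits on one are never expected.
    with os.scandir(path) as entries:
        for entry in sorted(entries, key=lambda e: e.name):
            mode = entry.stat(follow_symlinks=False).st_mode
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(("setid-mailbox", entry.path))
    return findings


if __name__ == "__main__":
    # Default is the directory discussed in the thread; pass another as argv[1].
    spool = sys.argv[1] if len(sys.argv) > 1 else "/usr/spool/mail"
    results = audit_spool(spool)
    for finding, where in results:
        print(f"{finding}: {where}")
    sys.exit(1 if results else 0)
```

The script exits non-zero when it reports anything, so it can run from a periodic job that alerts on failure.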

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.