Apur-ee.132
fa.unix-wizards
utzoo!decvax!pur-ee!rick
Wed Sep  9 19:12:35 1981
/usr/spool/mail
The problem is that mail should not chown a file it didn't create.
If the directory is writable, there are so many things you can do,
there will always be a way around your fixes. The discussion seems to
be centering on the suid bits of /usr/spool/mail/root. Various solutions
have been offered including chmoding the file to mode 600 to get
rid of the suid bits. If the site runs "at", you don't have to have
the suid bit on in /usr/spool/mail. Just do an "at current-time+1" and
enter the commands chown 0/0 /bin/sh;chmod 4755 /bin/sh to at. "at"
will happily put the commands in /usr/spool/at/something. You then link
/usr/spool/mail/root to /usr/spool/at/whatever and mail root. Presto--
"at" thinks that root owns the command file and runs it and /bin/sh is suid
root.

One shouldn't try to cure the symptoms, but to eradicate the disease.
---rick
(pur-ee!rick)
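
The fix the post names (mail should not chown a file it didn't create), sketched as an added example that is not part of the original article or taken from any real mail program. The function name open_mailbox and the temp-directory demo are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a mailbox for append on behalf of a delivery agent.
 * Ownership is set only on a file this call created itself (O_EXCL);
 * a pre-existing file is never chowned, and is refused unless it is a
 * regular, singly-linked file already owned by the recipient.
 * Returns an fd, or -1 on refusal or error. */
int open_mailbox(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {                      /* we created it: safe to hand over */
        if (fchown(fd, uid, gid) != 0) {
            close(fd);
            return -1;
        }
        return fd;
    }
    if (errno != EEXIST)
        return -1;
    fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);  /* existing: no chown */
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != uid) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed demo: a stray hard link sits under the mailbox name. */
int main(void)
{
    char dir[] = "/tmp/mboxXXXXXX", a[64], b[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(a, sizeof a, "%s/other", dir);
    snprintf(b, sizeof b, "%s/root", dir);
    close(open(a, O_WRONLY | O_CREAT, 0600));
    if (link(a, b) != 0) return 1;
    printf("linked mailbox: %d\n", open_mailbox(b, getuid(), getgid()));
    return 0;
}
```

The checks run on the opened descriptor rather than the path name, so they describe the file that will actually be written to.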

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.