Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!mcsun!i2unix!esacs!pizzi
From: pizzi@esacs.UUCP (Riccardo Pizzi)
Newsgroups: comp.unix.questions
Subject: Re: What's so special about uudecode?
Message-ID: <65@esacs.UUCP>
Date: 10 Jan 91 10:56:47 GMT
References: <3317@mrsvr.UUCP> <1990Dec29.142017.15454@robobar.co.uk> <3036@polari.UUCP>
Reply-To: pizzi@esacs.UUCP (Riccardo Pizzi)
Organization: Esa Software s.r.l. Rimini (FO), ITALY
Lines: 32

In article <3036@polari.UUCP> tronix@polari.UUCP (David Daniel) writes:

>[]Ha!  I think your vendor has made the *dreadful* error of making
>[]uudecode setuid to uucp "for the convenience of decoding received uucp
>[]files".  I have seen systems where this is a horrible security hole in
>[]that uudecode will allow anyone to make a setuid-to-uucp shell (begin 4755
>
>     [remainder of security hole explanation deleted]
>Even
>though you've told the net at large and who knows how many BBS's 
>around the world exactly how to hack a specific system and possibly 
>others I'll make a suggestion:
>You should have answered this person via e-mail with a cc to root. I'm 
>glad I don't have an account on his system.

I do not agree with you, by the way.
The information about security holes is of big interest for the entire
USENET community; it is stupid to try to hide things like this because of
being afraid of hackers. Just remember: hackers already knows many of them,
while most system admin don't. Not being an hacker, I understand that a system
admin is not able to find all the possible ways to hack a system just because
that is not his goal, but is the hacker's one.

I don't remember the name of the guy who explained the uudecode security hole,
but I want to publicly thank him for the advice.

Rick
--
Riccardo Pizzi @ ESA Software, Rimini, ITALY
e-mail: pizzi%esacs@relay.EU.net -or- root@xtc.sublink.org
Public Access Unix @ +39-541-27858 (Telebit)
<< Object Oriented is an Opaque Disease >>