Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!ukc!axion!delluk!tim
From: tim@dell.co.uk (Tim Wright)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID:
Date: 15 Feb 91 10:37:06 GMT
References: <483@stephsf.stephsf.com> <1991Feb13.221259.1462@scuzzy.in-berlin.de> <1991Feb14.201602.21248@kithrup.COM>
Sender: usenet@delluk.uucp (Usenet posting login)
Organization: Dell Computer Corp., Bracknell, UK
Lines: 21

In <1991Feb14.201602.21248@kithrup.COM> sef@kithrup.COM (Sean Eric Fagan) writes:

>In article <1991Feb13.221259.1462@scuzzy.in-berlin.de> src@scuzzy.in-berlin.de (Heiko Blume) writes:
>>not exactly, for public access to my source archive i've set up
>>a chroot() user that can't write anywhere, unhackable :-)

>Sorry, that's not the case. Once you've got root access, you can go through
>and do lots of nasty things, including setting u.u_rdir to something useful,
>like '/'. Figuring out how to do so is left as an exercise for the reader.

I think the point being made was that under that setup, how could you become
root?? Without write-access to directories, you can't create the program
needed to break the system. As he said, unhackable (at least w.r.t. the bug
under discussion).

Tim
--
Tim Wright, Dell Computer Corp. (UK) | Email address
Bracknell, Berkshire, RG12 1RW       | Domain: tim@dell.co.uk
Tel: +44-344-860456                  | Uucp: ...!ukc!delluk!tim
"What's the problem? You've got an IQ of six thousand, haven't you?"