Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!virtech!cpcahil
From: cpcahil@virtech.uucp (Conor P. Cahill)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <1991Feb18.140624.1860@virtech.uucp>
Date: 18 Feb 91 14:06:24 GMT
References: <KR3NBQQ@dobag.in-berlin.de> <1991Feb12.085747.8468@specialix.co.uk> <27B93F44.5606@tct.uucp> <6027@unix386.Convergent.COM> <1991Feb15.134715.16979@virtech.uucp> <3218@sixhub.UUCP>
Organization: Virtual Technologies Inc.
Lines: 13

davidsen@sixhub.UUCP (Wm E. Davidsen Jr) writes:
>  How is the uuencoded binary less dangerous than the source? Once you
>can write the passwd and shadow files you can either make your login
>root, change the root passwd, create a new root userid, etc.

THE uunencoded binary is not less dangerous.  I meant "a uuencoded binary
that proves that root access was obtained without damaging the security
of the system".

-- 
Conor P. Cahill            (703)430-9247        Virtual Technologies, Inc.
uunet!virtech!cpcahil                           46030 Manekin Plaza, Suite 160
                                                Sterling, VA 22170