Path: utzoo!mnetor!tmsoft!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!uunet!lll-winken!ncis.tis.llnl.gov!dog.ee.lbl.gov!nosc!crash!ncr-sd!serene!rfarris
From: rfarris@rfengr.com (Rick Farris)
Newsgroups: comp.unix.sysv386
Subject: Re: SECURITY BUG IN INTERACTIVE UNIX SYSV386
Keywords: BAD BUG
Message-ID: <1991Feb17.041036.20898@rfengr.com>
Date: 17 Feb 91 04:10:36 GMT
References: <27B93F44.5606@tct.uucp> <6027@unix386.Convergent.COM> <1991Feb15.134715.16979@virtech.uucp>
Organization: RF Engineering, Del Mar, California
Lines: 22

In article <1991Feb15.134715.16979@virtech.uucp> cpcahil@virtech.uucp (Conor P. Cahill) writes:

| 2. I wholeheartedly DISAGREE with you posting the source code which
| performs the security bypass. You could have just posted the
| uuencoded binary which would have been enough to prove your point
| without making it extremely easy for any two bit user to obtain
| privileged access.
| POSTING THE CODE WAS DEAD WRONG.

Personally, I would never, ever, EVER run a binary that had come
across on the net. No matter what the accompanying text said it
did, and especially if I thought it might mess with permissions.

Suppose that in addition to creating a root shell, it did
something else nasty?

--
Rick Farris  RF Engineering POB M Del Mar, CA 92014  voice (619) 259-6793
rfarris@rfengr.com     ...!ucsd!serene!rfarris      serenity bbs 259-7757