Xref: utzoo comp.unix.xenix.sco:2250 comp.unix.admin:1621
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!ox.com!math.fu-berlin.de!unidui!unido!cat!incom!odbffm.incom.de!oli
From: oli@odbffm.incom.de (Oliver Boehmer)
Newsgroups: comp.unix.xenix.sco,comp.unix.admin,sub.security
Subject: WARNING: SCO-Xenix game "hack", setuid root
Message-ID: <1991Apr17.192850.10450@odbffm.incom.de>
Date: 17 Apr 91 19:28:50 GMT
Organization: Oli's Datenbagger Frankfurt
Lines: 15

Hi!

When I recently went through the setuid-files on my system, I found that
/usr/games/lib/hackdir/hack (the actual nethack-program) is setuid-root.
This version is part of SCO-XENIX Games and was installed with these
permissions by the SCO-Utility custom.

	HACK x4511 root/root 1 ./usr/games/lib/hackdir/hack 01

Hack allows shell escapes and I don't have to say what this means.
If it weren't so serious, I'd laugh about this. But isn't it the right
filename for something like that?

Anyway, it's about time you go through your setuid-files

	find / \( -perm -4000 -o -perm -6000 \) -print

oli
-- 
Oliver Boehmer, Frankfurt, Germany
oli@odbffm.incom.de
+49-69-331461 (voice) +49-60-308265 (1200/2400)
If God is perfect, why did He create discontinuous functions?
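
The setuid sweep suggested in the post, extended into a baseline comparison. This is an added example, not part of the original message: it lists set-uid and set-gid files and reports the ones missing from a reviewed list. The function names, the baseline format (one path per line) and the sample tree are assumptions; the second test is -perm -2000 because -perm -4000 already matches files that have both bits set.

```shell
#!/bin/sh
# Added example: audit set-uid / set-gid files against a reviewed baseline.
# Function names and the baseline format are assumptions, not from the post.

# list_setid DIR: print every regular file under DIR that has the set-uid
# or set-gid bit, in C-locale sorted order.
list_setid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# unreviewed_setid DIR BASELINE: print set-id files under DIR that are not
# listed in BASELINE (one path per line). Output is empty when all are known.
unreviewed_setid() {
    tmp=$(mktemp) || return 1
    LC_ALL=C sort -u "$2" > "$tmp"
    # comm -23 keeps lines found only in the first input (the live system).
    list_setid "$1" | LC_ALL=C comm -23 - "$tmp"
    rm -f "$tmp"
}

# make_sample_tree: build a constructed tree (not a real system) holding one
# reviewed set-uid file, one unreviewed one using the mode and relative path
# from the post, and one ordinary file. Prints the tree's root directory.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/usr/games/lib/hackdir"
    : > "$d/bin/su";                      chmod 4755 "$d/bin/su"
    : > "$d/usr/games/lib/hackdir/hack";  chmod 4511 "$d/usr/games/lib/hackdir/hack"
    : > "$d/bin/ls";                      chmod 755  "$d/bin/ls"
    printf '%s\n' "$d/bin/su" > "$d/baseline"
    echo "$d"
}

# Stand-alone use: sh setid-audit.sh DIR BASELINE
if [ "$#" -eq 2 ]; then
    unreviewed_setid "$1" "$2"
fi
```

Run it from cron and mail any non-empty output; a new line means a set-id file appeared since the baseline was last reviewed.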