Xref: utzoo comp.unix.xenix.sco:2287 comp.unix.admin:1650
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!samsung!crackers!cpoint!frog!rmkhome!rmk
From: rmk@rmkhome.UUCP (Rick Kelly)
Newsgroups: comp.unix.xenix.sco,comp.unix.admin,sub.security
Subject: Re: WARNING: SCO-Xenix game "hack", setuid root NO DANGER, OOOOPS
Message-ID: <9104211024.32@rmkhome.UUCP>
Date: 21 Apr 91 19:42:00 GMT
References: <1991Apr17.192850.10450@odbffm.incom.de> <1991Apr18.213843.18297@odbffm.incom.de>
Reply-To: rmk@rmkhome.UUCP (Rick Kelly)
Organization: The Man With Ten Cats
Lines: 31

In article <1991Apr18.213843.18297@odbffm.incom.de> oli@odbffm.incom.de (Oliver Boehmer) writes:
>In <1991Apr17.192850.10450@odbffm.incom.de> oli@odbffm.incom.de (Oliver Boehmer) writes:
>
>>Hi!
>>When I recently went through the setuid-files on my system, I found, that
>>/usr/games/lib/hackdir/hack (the actual nethack-program) is setuid-root.
>>This version is part of SCO-XENIX Games and was installed with this 
>>permissions by the SCO-Utility custom.
>>HACK	x4511	root/root	1	./usr/games/lib/hackdir/hack	01
>>Hack allows shell escapes and I don't have to say what this means.
>
>>If it wouldn't be so serious, I'd laugh about this. But isn't it the right
>>filename for something like that?
>
>>Anyway, it's about time you go through your setuid-files
>>	find / \( -perm -4000 -o -perm -6000 \) -print
>
>>oli
>
>Ooooops, I just found out, that the permissions are reset before starting
>the shell, so that there is no potential danger. 
>I'm sorry about this.
>But one thing I'd really like to know: Why the &/%$"&/ is hack setuid? 



I believe that the high score file belongs to root, and can only be read by
and written to by root.


Rick Kelly	rmk@rmkhome.UUCP	frog!rmkhome!rmk	rmk@frog.UUCP