Xref: utzoo comp.unix.xenix.sco:2285 comp.unix.admin:1648
Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!caen!ox.com!math.fu-berlin.de!ira.uka.de!unido!horga!wizard!mack
From: mack@wizard.ruhr.de (Jochen Erwied)
Newsgroups: comp.unix.xenix.sco,comp.unix.admin,sub.security
Subject: Re: WARNING: SCO-Xenix game "hack", setuid root NO DANGER, OOOOPS
Message-ID: <190692ed.ARN0449@wizard.ruhr.de>
Date: 22 Apr 91 12:07:09 GMT
References: <1991Apr17.192850.10450@odbffm.incom.de> <1991Apr18.213843.18297@odbffm.incom.de>
Reply-To: mack@wizard.ruhr.de (Jochen Erwied)
Organization: The Wizard of Yendor
Lines: 13

In article <1991Apr18.213843.18297@odbffm.incom.de>, Oliver Boehmer writes:

>But one thing I'd really like to know: Why the &/%$"&/ is hack setuid?

Very simple answer: try accessing the game files without setting the user-
ID (record/logfile, for example).

>Oh well.
>oli
--
Jochen Erwied           [...!uunet!mcsun!unido!]mack@wizard.ruhr.de
Emil-Figge-Str. 3/A05   +49-231-750331 (data)
D-W-4600 Dortmund 50    +49-231-756081 (voice)