Re: sendmail exploit script - resend

Rik Farrow (crow!rik@uunet.uu.net)
Mon, 28 Mar 94 09:28:05 MST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: smb@research.att.com: "Re: sendmail exploit script - resend"
Previous message: ches@research.att.com: "Re: /etc/utmp"
In reply to: Bonfield James: "Re: sendmail exploit script - resend"
Next in thread: smb@research.att.com: "Re: sendmail exploit script - resend"

>># this program will be executed when mail is sent to the fake alias.
>># since solaris sh and csh and tcsh refuse to run when euid != realuid,
>># we instead run the program we compiled above.
>
>Does anyone know quite what the logic behind these shell checks are? They're
>just a pain and a stumbling block that are trivial to work around. Is it only
>Sun derived things that do this?

SVR4 is the source of this behavior, and includes the Korn shell in the
list of programs which check for euid != realuid.  And Solaris 2.x is SVR4
related.

Rik Farrow

Next message: smb@research.att.com: "Re: sendmail exploit script - resend"
Previous message: ches@research.att.com: "Re: /etc/utmp"
In reply to: Bonfield James: "Re: sendmail exploit script - resend"
Next in thread: smb@research.att.com: "Re: sendmail exploit script - resend"