Re: Security Info (root broken) (fwd)

Neil Woods (neil@legless.demon.co.uk)
Sun, 9 Oct 1994 16:14:27 +0100 (GMT+0100)

> 
> I don't know about you guys but having used and proved all of the binmail
> exploit scripts the quick and dirty fix for them is to put this in rc.local:
> 
> /bin/touch /usr/spool/mail/root
> /bin/touch /usr/spool/mail/sysdiag
> /bin/touch /usr/spool/mail/sundiag
> /bin/touch /usr/spool/mail/[any other uid 0 acct]

It's advisable to do the same for non uid 0 accounts too, particularly
ones that can offer improved chances of breaking root.

Source to create mailboxes for all users was included in advisory
[8lgm]-Advisory-5.UNIX.mail.24-Jan-1992.

Neil

P.S. I don't want to see any censorship of bugtraq.  Delete what you don't
want to see, it's easily done.  I'd be even more bored with life if everyone
did as I saw fit!

-- 
Bull in the Heather, Me and My Charms, The Lights, Sensual World, Go, Ritual,
Handsome and Gretel, Take Me, Blue Room, Drunken Butterfly, She's Lost Control.

        ...like a badger with an afro throwing sparklers at the Pope...
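
Added example (not part of the original message, and not the source from the 8lgm advisory): a shell version of the fix discussed above, extended from the uid 0 accounts to every account in the passwd file. The function names, the mode 600 and the report for a mailbox path that exists but is not a regular file are assumptions of this example.

```shell
#!/bin/sh
# Pre-create a mailbox for every account, as the thread recommends.
# Defaults match the paths in the message; both can be overridden.

# audit_mailboxes PASSWD SPOOL
# Prints one line per account: "ok NAME", "missing NAME" or "notfile NAME".
audit_mailboxes() {
    passwd=${1:-/etc/passwd} spool=${2:-/usr/spool/mail}
    while IFS=: read -r name rest; do
        # Skip blank lines, comments, NIS markers and names unsafe as a path
        case $name in ''|\#*|[+-]*|*/*|.|..) continue ;; esac
        box=$spool/$name
        if [ -L "$box" ] || { [ -e "$box" ] && [ ! -f "$box" ]; }; then
            echo "notfile $name"      # present but not a plain file: inspect by hand
        elif [ -f "$box" ]; then
            echo "ok $name"
        else
            echo "missing $name"
        fi
    done < "$passwd"
}

# create_missing PASSWD SPOOL
# Creates an empty mode-600 mailbox for each "missing" account, prints its name.
create_missing() {
    passwd=${1:-/etc/passwd} spool=${2:-/usr/spool/mail}
    audit_mailboxes "$passwd" "$spool" | while read -r state name; do
        [ "$state" = missing ] || continue
        box=$spool/$name
        # noclobber (set -C) makes the redirect fail if a file has appeared
        # at $box since the audit, so an existing mailbox is never truncated.
        ( umask 077; set -C; : > "$box" ) 2>/dev/null ||
            { echo "failed $name" >&2; continue; }
        # Only root can hand ownership of the new mailbox to its user
        if [ "$(id -u)" -eq 0 ]; then
            chown "$name" "$box" || echo "chown failed $name" >&2
        fi
        echo "$name"
    done
}

# Typical use from rc.local, run as root:
#   create_missing /etc/passwd /usr/spool/mail
```

Run `audit_mailboxes` first on a live system; any `notfile` line means something other than a plain mailbox already sits at that path and should be examined before it is replaced.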