> Probably you weren't mumbling "I love SMI" 3 times while trying Neil's method? > But seriously, as someone has already said, the bug is in one of the routines > of the driver in the kernel, which passes a pointer to u-cred structure > and the routine actually modifies the uid and gid (euid & egid as well) to > zero. > > As for breakin code, I doubt if it's worth expecting it being posted here. I'll start off by saying that we are entirely a DEC shop here...so I can't test this out myself, but I would like to see a complete summary of the problem (with some more details) as I find this one quite funny...face it, as bugs go this is a good one. > Why DEC ships off Ultrix 4.X with a weirdo /.rhosts which contains -- > "# @(#).rhosts 8.1 Ultrix 9/18/92" (taken out of 4.4 ult) There was a bug as I recall that would allow a user to create a file provided it didn't already exist (something with mail, as I recall)...Since many systems didn't have a root .rhosts, that was an easy way in. I don't think Ultrix ever had this problem, but there was a lot of 3rd party code (based on some branch of the BSD tree) that had this problem. I presume it's DEC's (feeble?) way of preventing it... > Why can't you make mountd on Ultrix 4.X reject mount requests from > non-privileged ports? turning on "nfsportmon" in the kernel doesn't > quite do the job properly. Things that make you go hmmm... There are several replacements for Ultrix's mountd available with various features. Can't say I know more than that about them. -- Leo Bicknell - bicknell@vt.edu | Make a little birdhouse bicknell@csugrad.cs.vt.edu | in your soul...... bicknell@ussenterprise.async.vt.edu | They Might http://ussenterprise.async.vt.edu/~bicknell/ | Be Giants