[TUHS] History of exploits - request for authors

Derek Fawcus dfawcus+lists-tuhs at employees.org
Wed Dec 20 06:25:01 AEST 2017


A version independent, but terminal dependent one was using the echo
status line back to input mechanism of some terminals.

When combined with getting the victim to to copy a setuid stub,
one would get permanent access to their account - until root did a fs sweep
looking for unusual setuid programs.

DF


More information about the TUHS mailing list