On Tue, 8 Oct 2019, Arthur Krewat wrote:
Slightly off-topic, but still UUCP related. If a SunOS
box NFS exported
/, and I could mount /, even without root NFS access, using the uucp
user, I could overwrite uucico because it was owned by uucp. The entry
in inetd.conf would automatically run uucico as root. Telnet to the box
on that port, and it would happily run whatever I put in the uucico
file.
Bad joo-joo.
*Cough cough* I remember that *cough cough*...
Unix systems in those days were broken in subtle ways; we once broke into
a Gould (marketed as the most secure box on the planet[*]) by
social-engineering a marketoid (we tricked him into running a custom "ls"
or something). "Thank you Sir, and we've just broken into your Gould;
there's the root prompt".
[*]
They never did pay us our bounty, because we "cheated" :-)
-- Dave