Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!serv.hinet.net!news.uoregon.edu!vixen.cso.uiuc.edu!howland.reston.ans.net!newsfeed.internetmci.com!in3.uu.net!rocky.scvnet.com!casper.scvnet.com!john
From: john@casper.scvnet.com (John Yaworski)
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: BSDI security
Date: 6 Aug 1996 23:32:10 GMT
Organization: SCVNET
Lines: 25
Message-ID: <4u8klq$k7g@rocky.scvnet.com>
References: <Pine.BSI.3.94.960805093815.17110A-100000@picard.chickasaw.com>
NNTP-Posting-Host: casper.scvnet.com
X-Newsreader: TIN [version 1.2 PL2]

Shawn McMahon (smcmahon@chickasaw.com) wrote:
: Does anyone know of a way that a person could su himself to root on a
: BSDI system, without having his name in the "wheel" group?
: Whether with or without knowledge of the root password, is there a way?
: And, is there a defense?
: On the system in question, no terminals are marked "secure" except the
: console entries. It's unlikely that the root password got out, although
: it is of course possible.

I had a guy take advantage of the default perms in /var/www/conf/ to
write a perl script, running as www, to mod the httpd.conf file so that
httpd would run as root. The next time the config file was read, (when I
re-started httpd), his cool telnetd, running as www, dropped him a root
prompt. He changed my root password!

-john

: Shawn McMahon | Smokesignals Computer Company
: Senior System Operator | Southern Oklahoma's Internet Service Provider
: Chickasaw Nation Net | 405 332-0033 http://www.chickasaw.com
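
The condition described in the reply above is a configuration tree that the web server's own account can modify. An audit for that condition, added here as an example and not part of the original post; the function name audit_conf and the www user and group in the usage comment are assumptions, and /var/www/conf is the path named in the post:

```shell
#!/bin/sh
# Added example: list everything under a server config directory that the
# server's own account could modify or replace.
#
# Usage (user and group names are assumptions):
#   sh audit_conf.sh /var/www/conf www www

# audit_conf DIR USER GROUP
# USER and GROUP may be names or numeric ids.
# Prints one line per finding; returns 1 if anything was found, 0 if clean.
audit_conf() {
    dir=$1 user=$2 group=$3
    # A path is a finding when the service account:
    #   - owns it (an owner can chmod it writable, whatever the mode says),
    #   - is in its group and the group-write bit is set, or
    #   - can rely on the world-write bit.
    # Directories count too: write access to a directory allows a file in it
    # to be renamed away and replaced even when the file itself is read-only.
    # Symlinks are skipped because their own mode bits are not meaningful.
    findings=$(
        find "$dir" ! -type l \( \
            -user "$user" \
            -o \( -group "$group" -perm -020 \) \
            -o -perm -002 \
        \) -print
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | while IFS= read -r path; do
        printf 'writable by %s: %s\n' "$user" "$path"
    done
    return 1
}

# Run the audit only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    audit_conf "$1" "$2" "$3"
    exit $?
fi
```

A clean result means the tree is owned by an account other than the one the server runs as, with no group-write or world-write access left open to that account.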