Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!feed1.news.erols.com!news.magicnet.net!iag.net!newspump.sol.net!howland.erols.net!swrinde!news.uh.edu!hermes!yichen
From: yichen@hermes.cs.uh.edu ( Yi Chen )
Newsgroups: comp.unix.admin,comp.unix.bsd.misc
Subject: adduser
Date: 3 Dec 1996 21:08:31 GMT
Organization: University of Houston
Lines: 36
Message-ID: <5824sf$a6v@Masala.CC.UH.EDU>
NNTP-Posting-Host: hermes.cs.uh.edu
Xref: euryale.cc.adfa.oz.au comp.unix.admin:51352 comp.unix.bsd.misc:1674
1) Since adduser in BSDI is perl script,
After saving the original script, following are my actions
a) #!/usr/bin/perl was replaced by #!/usr/bin/suidperl in the script
b) chown to root
c) after typing Login name and hit return, I got following
Login name: xxxxx
Adding user: xxxxx
For security purposes, no characters are printed when entering passwords.
Insecure PATH at /etc/adm/lib/util.pl line 228, <STDIN> line 2.
e) I also wrote a simple C program as following, compiled it and suid to
root, and same error msg as c).
main(argc,argv)
int argc;
char **argv;
{
execv("/usr/local/bin/adduser",argv);
}
2) I also tried sudo and visudo the /etc/sudoers. RUN
/usr/local/bin/sudo /usr/sbin/adduser, got following
setuid(0): Operation not permitted
Please send your responses to yichen@cs.uh.edu
Thanks
Yi Chen