Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!news.syd.connect.com.au!phaedrus.kralizec.net.au!news.mel.aone.net.au!grumpy.fl.net.au!news.webspan.net!newsfeeds.sol.net!mr.net!netnews.com!howland.erols.net!ais.net!noc.van.hookup.net!nic.mtl.hookup.net!rcogate.rco.qc.ca!n3ott.istar!ott.istar!istar.net!van.istar!west.istar!cal.istar!riscan.riscan.com!theos.com!deraadt From: deraadt@theos.com (Theo de Raadt) Newsgroups: comp.unix.bsd.bsdi.misc Subject: Re: Security hole Date: 18 Jan 1997 22:41:20 GMT Organization: Theo Ports Kernels For Fun And Profit Lines: 14 Message-ID: <DERAADT.97Jan18154120@zeus.theos.com> References: <32DEEC3F.E23@interlog.com> NNTP-Posting-Host: zeus.theos.com In-reply-to: Claude Pio's message of Thu, 16 Jan 1997 22:24:24 -0500 Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5583 In article <32DEEC3F.E23@interlog.com> Claude Pio <pio@interlog.com> writes: Folks, I need help. I am running an ISP with a BSDI main server. Users have access to shell accounts in this server. The problem is that one user has been able to somehow gain enough authority to change passwords and delete all kinds of files. Can someone tell me how any user can do these things without being super user... Any help would be greatly appreciated..... Numerous ways. BSDi has many, many easily exploitable security holes. -- This space not left unintentionally unblank. deraadt@theos.com www.OpenBSD.org -- We're fixing security problems so you can sleep at night.