Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!solace!nntp.uio.no!newsfeeds.sol.net!news-xfer.netaxs.com!feed1.news.erols.com!news.alt.net!newspost1.alt.net!tiiap.mec.edu!matt From: matt@tiiap.mec.edu (Matt Bancroft) Newsgroups: comp.unix.bsd.bsdi.misc Subject: Re: Security hole Date: 20 Jan 1997 00:25:00 GMT Organization: MEC Lines: 25 Message-ID: <5bue0s$psh@tofu.alt.net> References: <32DEEC3F.E23@interlog.com> <DERAADT.97Jan18154120@zeus.theos.com> <5bstum$84v@duke.telepac.pt> X-Newsreader: TIN [version 1.2 PL2] Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5645 Mad (mad@grupo.bfe.pt) wrote: : In article <DERAADT.97Jan18154120@zeus.theos.com>, deraadt@theos.com (Theo de Raadt) wrote: : >>In article <32DEEC3F.E23@interlog.com> Claude Pio <pio@interlog.com> writes: : >> Folks, I need help. I am running an ISP with a BSDI main server. Users : >> have access to shell accounts in this server. The problem is that one : >> user has been able to somehow gain enough authority to change passwords : >> and delete all kinds of files. Can someone tell me how any user can do : >> these things without being super user... : >> : >> Any help would be greatly appreciated..... : >Numerous ways. BSDi has many, many easily exploitable security holes. : Such as? Security problems in lpr, sendmail and adduser come to mind at the moment... ============================== Matt Bancroft TIIAP System Administration matt@mec.edu bancroft@akamail.com ==============================