No subject
utzoo!decvax!ucbvax!unix-wizards
utzoo!decvax!ucbvax!unix-wizards
Fri Sep 11 21:18:08 AEST 1981
>From MathStat.jmrubin at Berkeley Fri Sep 11 21:07:57 1981
TO: csvax:unix-wizards
Subject: /usr/spool/mail
Would you believe, after all this /usr/spool/mail business, I
found a a local mail program, setuid root, which was calmly willing
to write to any file, or to creat the file if it didn't exist?
Made the previous bugs seem positively Byzantine by comparison.
If you have that, you might as well give up--/etc/passwd can be written
on. Anyone for setuid root programs which fork a shell without resetting
the uid?
Joel Rubin
More information about the Comp.unix.wizards
mailing list