Great gaping security hole
utzoo!decvax!duke!unc!dopey.smb
Fri Mar 5 10:52:33 AEST 1982
To the best of my knowledge, that glitch was first described by
duke!trt and duke!jte in their paper on writing setuid programs
(it's an example of why *no* files should be generally writable).
The reason it's so serious is that it's generally applicable -- almost
any site with sophisticated terminals is vulnerable. (Ironically, IBM
machines are among the *least* vulnerable; they use 3270 terminals,
where the transmit screen command is out of band, at least for locally-
attached ones.) I would add one or two frills on the basic idea, but
I probably shouldn't; they help avoid detection.....