Automatic root login
Daniel R. Levy
levy at ttrdc.UUCP
Tue Dec 3 12:28:37 AEST 1985
In article <476 at graffiti.UUCP>, peter at graffiti.UUCP (Peter da Silva) writes:
>When you run a setuid program while you are setuid-ed
>to someone else, it thinks you have your original uid, not whomever you have
>setuid to. To demostrate this, try to perform an rmdir on someone's empty
>directory while you are setuid to them. This is either a bug or a feature
>depending on your perspective.
>--
>Name: Peter da Silva
I noticed something else funny (peculiar etc.) with respect to this. If I
am root and run cu to another system and attempt to do a ~%take from the
remote, I am DENIED PERMISSION to divert except to a publicly writeable
directory like /tmp !!! (cu is setuid uucp) This is when I log in on the
console as root. (This points out a bug in cu anyway; it also would be nicer
if upon getting the builtin ~%take sequence, cu would first check whether
it is indeed possible to write or create the desired file before telling the
remote to send it. I have added this feature to a cu I have running here
but that's beside the point anyhow; the point is setuid.)
--
------------------------------- Disclaimer: The views contained herein are
| dan levy | yvel nad | my own and are not at all those of my em-
| an engihacker @ | ployer or the administrator of any computer
| at&t computer systems division | upon which I may hack.
| skokie, illinois |
-------------------------------- Path: ..!ihnp4!ttrdc!levy
More information about the Comp.unix
mailing list