SECURITY BUG IN INTERACTIVE UNIX SYSV386
Tim Wright
tim at dell.co.uk
Fri Feb 15 21:37:06 AEST 1991
In <1991Feb14.201602.21248 at kithrup.COM> sef at kithrup.COM (Sean Eric Fagan) writes:
>In article <1991Feb13.221259.1462 at scuzzy.in-berlin.de> src at scuzzy.in-berlin.de (Heiko Blume) writes:
>>not exactly, for public access to my source archive i've set up
>>a chroot() user that can't write anywhere, unhackable :-)
>Sorry, that's not the case. Once you've got root access, you can go through
>and do lots of nasty things, including setting u.u_rdir to something useful,
>like '/'. Figuring out how to do so is left as an exercise for the reader.
I think the point being made was that under that setup, how could you become
root? Without write-access to directories, you can't create the program
needed to break the system. As he said, unhackable (at least w.r.t. the bug
under discussion).
Tim
--
Tim Wright, Dell Computer Corp. (UK) | Email address
Bracknell, Berkshire, RG12 1RW | Domain: tim at dell.co.uk
Tel: +44-344-860456 | Uucp: ...!ukc!delluk!tim
"What's the problem? You've got an IQ of six thousand, haven't you?"
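
An added example, not part of the original post: one way to check the "can't write anywhere" property of a chroot tree like the one described in the quoted message, by listing every path a given uid could modify and every set-uid file inside it. The function names, the sample layout and the guest uid are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

def can_modify(st, uid, gids):
    """Unix permission classes; an owner counts as a writer because it can chmod."""
    if st.st_uid == uid:
        return True
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_chroot(root, uid, gids):
    """Return (writable, setuid): relative paths uid can modify, and set-uid files."""
    writable, setuid = [], []
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits carry no meaning
            rel = os.path.relpath(path, root)
            if can_modify(st, uid, gids):
                writable.append(rel)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                setuid.append(rel)
    return sorted(writable), sorted(setuid)

def build_sample_tree(root):
    """Constructed sample layout: read-only archive, one world-writable directory."""
    for d in ("pub", "bin", "incoming"):
        os.mkdir(os.path.join(root, d))
    for rel, mode in (("pub/src.tar", 0o444), ("bin/helper", 0o4555)):
        path = os.path.join(root, rel)
        open(path, "w").close()
        os.chmod(path, mode)
    for d, mode in (("pub", 0o555), ("bin", 0o555), ("incoming", 0o777)):
        os.chmod(os.path.join(root, d), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        guest = os.lstat(root).st_uid + 1  # constructed uid that owns nothing here
        print(audit_chroot(root, guest, set()))
```

An empty first list means the uid has nowhere to create a file; anything in the second list is worth reviewing, since set-uid programs are a route to privilege that needs no write access.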