Re: SunOS exploit.

[blind () SEDATED NET (Trevor Linton)]

This worked on SunOS 5.5.1 Generic_103640-05 sun4m sparc.

Please mind you that this only works on versions of programs
that use getenv("USER"); to obtain the username, i'm also aware
anyone who uses elm on ANY system, linux, bsd, SunOS included
can read any users mail :P. getenv("USER") on programs that are
reliant on the USERNAME isn't safe especially when there +s'ed.

blind - blind () root hax0r org support () hax0r org
Swingin' Utters. a juvenile product of the working class.

"People who are having trouble communicating should just shuttup"


On Mon, 19 May 1997, Jeff Uphoff wrote:

> "TL" == Trevor Linton <blind () SEDATED NET> writes:
>
> TL> On sunos, if you execute a clean bash shell then type, export USER="root"
> TL> then USER=$LOGNAME, then execute chsh root or chfn root you can change
> TL> the root information.
>
> TL>  On the SunOS system i have [...]
>
> What version(s) of SunOS?
>
> I just tried this on an old 4.1.2 system I have and I could not
> duplicate it.
>
> --Up.
>
> --
> Jeff Uphoff - Scientific Programming Analyst  |  juphoff () nrao edu
> National Radio Astronomy Observatory          |  juphoff () bofh org uk
> Charlottesville, VA, USA                      |  jeff.uphoff () linux org
>         PGP key available at: http://www.cv.nrao.edu/~juphoff/