Re: UUCP

[Casper Dik <Casper.Dik () Sun COM>]

> > Don't know about BSDi, but on Solaris uucp owns tip, uuencode, uudecode,
> > and others.  So if I can use this vuln to su uucp, I can trojan e.g.
> > tip.  Then the next time root runs what he thinks is tip, I've got the
> > box.
>
> on solaris:
>
> $ grep uucp /etc/inetd.conf
> uucp   stream  tcp     nowait  root    /usr/sbin/in.uucpd      in.uucpd

I think you'll find that in Solaris 8 and later, only those
executables that are set-uid uucp have retained uucp ownership.

(Tip, of course, is still often executed by root in some settings)

(Oh, and we're discussing a buffer overflow in uucp on BSDi, so
Solaris may not be a target for this problem)

Casper