Bugtraq mailing list archives

Re: bin ownership problem


From: Brad.Powell () ebay sun com ( Brad Powell - Sun CIS)
Date: Thu, 19 May 94 10:12:22 PDT


A prime example is /usr/games/chesstool on sunos 4.1.x machines. It came
setuid bin for some unknown reason (I have this theory there is someone
assigned at sun to just put random permissions on programs 
before they hit the cd :-). Well, if you pop up sunview which is needed
to run this, you can get any program you want run as user bin. And guess
what, /etc is owned by bin on a standard install.


we had to change the setuid to bin when we changed the ownership of /etc
to bin. Otherwise you couldn't use chesstool to break root :-) :-)

(that was a joke for the smiley impaired btw)

Seriously though this was done so that it could write a high score file.

STUPID idea I know, but back a dozen years or so ago life was simpler,
the grass was greener, and system-crackers were rare. :-)
The late 70's and 80's were the years when the emphasis was on getting 
every computer system to talk to and work with every other computer system.
Now in the 90's we are trying to shut them up. :-0

Lesson:
Watch out for setuid/setgid programs that allow a shell escape :-) :-\ :-|


=======================================================================
Brad Powell : brad.powell () Sun COM        | 
                                         |
Full Time: Sr. Network Security Analyst  |Part time: Cyberspace PI
           ENS Network Security Group    |           and Consultant
           Sun Microsystems Inc.         |
=======================================================================
               The views expressed are those of the author and may
                  not reflect the views of Sun Microsystems Inc.
=======================================================================
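
An audit for the condition this message describes, added here as an example and not part of the original post: it reports set-id programs whose non-root owner (or group) also controls a critical path, as setuid-bin chesstool did with a bin-owned /etc. The names Entry, collect, walk_files and find_pivots are hypothetical, and the scanned paths are assumptions to adjust per system.

```python
import os
import stat
from collections import namedtuple

# One filesystem object: path, st_mode, owning uid, owning gid.
Entry = namedtuple("Entry", "path mode uid gid")

def collect(paths):
    """lstat each path without following symlinks; skip unreadable ones."""
    out = []
    for p in paths:
        try:
            st = os.lstat(p)
        except OSError:
            continue
        out.append(Entry(p, st.st_mode, st.st_uid, st.st_gid))
    return out

def walk_files(root):
    """Yield every file path under root (os.walk does not follow symlinks)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)

def find_pivots(programs, critical):
    """Return (program, target, how) for each set-id program whose effective
    identity controls a critical path. Setuid-root programs are not listed:
    they are already root and belong to a separate review."""
    findings = []
    for prog in programs:
        if not stat.S_ISREG(prog.mode):
            continue
        # Effective uid/gid the program runs with when the bits are set.
        suid = bool(prog.mode & stat.S_ISUID) and prog.uid != 0
        sgid = bool(prog.mode & stat.S_ISGID)
        for tgt in critical:
            # An owner can always chmod, so ownership alone is enough.
            if suid and tgt.uid == prog.uid:
                findings.append((prog.path, tgt.path, "setuid owner"))
            elif sgid and tgt.gid == prog.gid and tgt.mode & stat.S_IWGRP:
                findings.append((prog.path, tgt.path, "setgid group"))
    return findings

if __name__ == "__main__":
    # Assumed scan root and critical paths; adjust for the system audited.
    progs = collect(walk_files("/usr"))
    crit = collect(["/etc", "/etc/passwd", "/bin", "/usr/bin"])
    for prog, tgt, how in find_pivots(progs, crit):
        print(f"{prog}: {how} controls {tgt}")
```

Any line it prints is a program worth checking for shell escapes, or a directory whose ownership should move to root.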


