Re: Zolaris 2.5 Exploited.

[ye () backup ksc net th (Ye Tun)]

On Fri, 26 Jul 1996, Jungseok Roh wrote:

> if( -f /.rhosts ) then
>         echo -n "+ +" >> /.rhosts
> # As u know , we can't login as root .. use smtp account. that has UID 0  !!
>         /usr/bin/rsh localhost -l smtp csh -i

You might say that I am so dump.. But I am really confused.  I tried it
and it doesn't work.  What I understand is that, even the
/tmp/Kp_kcms_sys.sem is 666 mode, you are not running

 echo -n "+ +" >> /tmp/Kp_kcms_sys.sem

from the /usr/openwin/bin/kcms_calibrate program.  you are running that
from your own shell script with your own uid which doesn't have permission
to write the target file.  So, how will this work.

Please correct me if I am wrong.


REgards,

*[ Ye ]*
                     \```\
   ||                ) O O )               ||       ,Oo=-=oOo=-=oOo=-=oOo=-,
+--++------------.oOOo--U--ooOo.-----------++--+    (  Becareful with what )
 \ Ye Tun                  ye () ksc net th         \    \ you wish for, you /
  \ Computer Laboratory    +66 2 3004543 ext. 3672 \   |  might get it  /
   \ Assumption University    Fax. +662 7191945      \  \_______,  ___/
    \ Bangkok 10240, Thailand   Pager. 1144-781620     \     .__o '
     +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-Oooo.-=-=-=-=-=-=-=-=#--_-\_<,
                           .oooO   (   )                  (*)/`(*)
                           (   )    ) /
                            \ (    (_/
                             \_)