[4592] in linux-net channel archive
Re: A SERIOUS security problem!!!!
daemon@ATHENA.MIT.EDU (Brian A. Lantz)
Mon Sep 30 13:51:21 1996
Date: Mon, 30 Sep 1996 07:15:31 -0400 (EDT)
From: "Brian A. Lantz" <brian@lantz.com>
To: Alan Cox <alan@cymru.net>
cc: linux-net@vger.rutgers.edu, torvalds@cs.helsinki.fi
In-Reply-To: <199609300916.KAA21497@snowcrash.cymru.net>
On Mon, 30 Sep 1996, Alan Cox wrote:
> > This uses a security hole in telnetd, which allows passing of environment
> > variables into 'login'. They define 'LD_LIBRARY_PATH' to point to a user
> > (or incoming ftp) directory containing a new 'libc.so.4' or a
> > 'libroot.so' (also supplied in the cracker's kit), which contains NO
> > security checking, and logs them in as root.
>
> Yawn. If you followed any security list (even cert announce) you'd know this
> problem across multiple architectures was reported and fixed over a year ago
Yawn, I KNOW it WAS found long ago, but I also know that there are MANY
who did not hear of it!
I have received about 40 personal email messages about this since I send
the message to the list. About 4 of them were "everyone knows that, don't
bother us with this, stupid" message, while the rest were "Oh my God,
what's that" messages. Obviously it is NOT as well known (Yawn) as you
might believe.
So EXCUSE ME for trying to help other! I won't make THAT mistake again!!
-----------------------------------------------------------
Brian A. Lantz http://www.lantz.com brian@lantz.com
REAL PORTION of Microsoft Windows code:
while (memory_available) {
eat_major_portion_of_memory (no_real_reason);
if (feel_like_it)
make_user_THINK (this_is_an_OS);
gates_bank_balance++;
}
