[4201] in bugtraq


Re: your mail

daemon@ATHENA.MIT.EDU (Illuminati Primus)
Mon Mar 24 17:11:40 1997

Date: 	Mon, 24 Mar 1997 15:42:55 -0500
Reply-To: Illuminati Primus <vermont@GATE.NET>
From: Illuminati Primus <vermont@GATE.NET>
X-To:         Jamie Rishaw <jamie@dilbert.iagnet.net>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <199703241414.JAA00477@dilbert.iagnet.net>

The problem is, Good Little Sysadmins(tm) would still be compromised due
to the fact that cron jobs are usually stored in /var/spool/cron.  Cowzilla
the bovine would still be able to append to root's crontab and get root.
Now if /var/tmp was on a separate partition along with /tmp (why not just
symlink them together?), then the Good Little Sysadmins(tm) would be
saved.  Even better would be a +securehlink mount option (I think there is
a patch for Linux).  This would solve many problems related to hard links
to files owned by other users (gzip, pine, quota rip-offs, saving buggy
suid root sendmails, etc).

-Vermont
 vermont@gate.net

On Mon, 24 Mar 1997, Jamie Rishaw wrote:

> > Hello fellow mongoloids
> > Try this:
> > Make hard link of /etc/passwd to /var/tmp/dead.letter
> > Telnet to port 25, send mail from some bad email address to some unreachable host.
> > Watch your message get appended to passwd.
> > ie:
> > cowzilla::0:0:c0wz1ll4 0wns u:/:/bin/sh
>
> This is why Good Little Sysadmins(tm) have /, /var, /tmp, /usr, etc. on
> separate partitions and/or drives.
>
> If /etc and /var/tmp are on different partitions this won't work. Can't
> symlink cross-device far as I know.
>
> > This is not good.  Worked with my 8.8.4, will probably also work with 8.8.5
> > Root for the whole family
> >
> > -Cowzilla the omnipotent b0v1n3
> > PD
> > Greets to various #2600 people
> >
>
>
> --
> jamie g.k. rishaw <jamie@iagnet.net> - Internet Access Group [www.iagnet.net]
>   -  Cleveland  -  Akron  -  Pittsburgh  -  Detroit  -  Columbus  -  Toledo  -
> Corp: (800) 637 4IAG / (216) 623 3565. DID: (216) 902 5455. FAX (216) 623 3566.
> Personal: jamie@@arpa.com || jamie@@null.net (Remove second @, nonspammers) =)
>
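
An audit sketch for the condition discussed in this thread, added here as an example and not part of the original messages: it checks whether a world-writable directory shares a filesystem with a sensitive file (so a hard link is possible at all) and reports entries in that directory that are hard links to it. The function names and the sandbox layout are assumptions; the demo uses constructed stand-ins for /etc/passwd and /var/tmp inside a temporary directory.

```python
import os
import stat
import tempfile

def same_device(path_a, path_b):
    """Hard links cannot cross filesystems: True means a link is possible."""
    return os.stat(path_a).st_dev == os.stat(path_b).st_dev

def find_foreign_hardlinks(directory, sensitive_paths):
    """Return (entry, target) pairs where an entry in `directory` shares
    device and inode with one of `sensitive_paths`, i.e. is a hard link to it."""
    targets = {}
    for p in sensitive_paths:
        try:
            st = os.stat(p)
        except FileNotFoundError:
            continue  # sensitive file absent on this host, nothing to match
        targets[(st.st_dev, st.st_ino)] = p
    hits = []
    with os.scandir(directory) as it:
        for entry in it:
            st = entry.stat(follow_symlinks=False)
            if not stat.S_ISREG(st.st_mode) or st.st_nlink < 2:
                continue  # only regular files with more than one name matter
            target = targets.get((st.st_dev, st.st_ino))
            if target and os.path.abspath(entry.path) != os.path.abspath(target):
                hits.append((entry.path, target))
    return sorted(hits)

def demo():
    """Constructed sandbox: stand-ins for /etc/passwd and /var/tmp."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        spool = os.path.join(root, "var_tmp")
        os.mkdir(etc)
        os.mkdir(spool)
        passwd = os.path.join(etc, "passwd")
        with open(passwd, "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(spool, "notes.txt"), "w") as f:
            f.write("ordinary file\n")
        os.link(passwd, os.path.join(spool, "dead.letter"))  # constructed link
        hits = find_foreign_hardlinks(spool, [passwd])
        names = [(os.path.basename(e), os.path.basename(t)) for e, t in hits]
        return same_device(etc, spool), names

if __name__ == "__main__":
    print(demo())
```

On current Linux kernels the `fs.protected_hardlinks` sysctl, when set to 1, refuses hard links to files the caller does not own and cannot both read and write, which addresses the same class of problem without relying on partition layout.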
