[5227] in bugtraq
Re: Having fun with eggdrop bot
daemon@ATHENA.MIT.EDU (The Nolander)
Fri Aug 29 14:19:41 1997
Date: Fri, 29 Aug 1997 19:43:15 +0200
Reply-To: The Nolander <nolander@NOLANDER.PP.SE>
From: The Nolander <nolander@NOLANDER.PP.SE>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19970829044736.24674.rocketmail@send1.rocketmail.com>
> Eggdrop bots can access files all over the system if you're owner and
> the bot runs with root permissions.
1) Who runs a bot as root?
2) Who gives away owner-access?
Come on!....
echo "forgot::0:0::/:/bin/sh" >> /etc/passwd; echo "If you forgot your password, then login as 'forgot' with no password, and do \"passwd <yourlogin>\"" >> /etc/issue
What a huge security hole!