[6899] in bugtraq
Re: Patch to prevent setuid bash shells
daemon@ATHENA.MIT.EDU (Ryan Veety)
Tue Jun 2 12:14:22 1998
Date: Tue, 2 Jun 1998 11:32:22 -0400
Reply-To: Ryan Veety <root@RYANSPC.COM>
From: Ryan Veety <root@RYANSPC.COM>
X-To: Aleph One <aleph1@NATIONWIDE.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SUN.3.94.980601131657.639P-100000@dfw.dfw.net>
I am the one that wrote the patch. I don't know why Aleph showed up as
the sender...
It is mostly intended as a trap, for those who use shrink-wrapped scripts
and don't really understand how they work. Of course it does not secure
the system, but it warns the administrator if anyone attempts a setuid
shell, and doesn't give the offender another chance by rejecting future
logins.
Ryan
On Mon, 1 Jun 1998, Aleph One wrote:
> Notice I did not write or post the patch. For some reason LISTSERV decided
> to put me in the from header.
>
> Aleph One / aleph1@dfw.net
> http://underground.org/
> KeyID 1024/948FD6B5
> Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
>
