[677] in bugtraq
Re: Sol2.x Mouse EXPLOIT info - CORRECTION
daemon@ATHENA.MIT.EDU (Timothy Newsham)
Thu Jan 19 17:42:19 1995
From: newsham@aloha.net (Timothy Newsham)
To: dsiebert@icaen.uiowa.edu (Doug Siebert)
Date: Thu, 19 Jan 1995 10:23:41 -1000 (HST)
Cc: barr@pop.psu.edu, bugtraq@fc.net
In-Reply-To: <199501182038.OAA29475.46EBD@icaen.uiowa.edu> from "Doug Siebert" at Jan 18, 95 02:38:19 pm
> > > Another thing not considered, is that by default under Ultrix
> > >all the network tty's are _unsecure_ meaning root cannot log in on
> > >them no matter what .rhosts says. Unless you have changed this it
> > >is absolutely not possible for this to be a problem.
> >
> > You mean except for "rsh ultrixhost rm -rf /"
> > Remember, with /.rhosts, having unsecure ttys has no effect.
> > --Dave
>
> Or instead of rm -rf /, how about using sed to change those ttys to secure to
> allow you a normal login?
you dont have to jump through hoops:
rm -rf host csh -if
gives you an interactive shell (though no tty). At this point you
can go around changing things at will interactively.
> Doug Siebert
> dsiebert@isca.uiowa.edu
