[10049] in Commercialization & Privatization of the Internet
Re: If Orson Welles were only alive...
daemon@ATHENA.MIT.EDU (Karl Denninger)
Sat Feb 5 04:28:49 1994
From: karl@mcs.com (Karl Denninger)
To: bzs@world.std.com (Barry Shein)
Date: Sat, 5 Feb 1994 03:28:25 -0600 (CST)
Cc: sob@tmc.edu, karl@mcs.com, com-priv@psi.com
In-Reply-To: <199402050805.AA14120@world.std.com> from "Barry Shein" at Feb 5, 94 03:05:13 am
>
> Actually it should be: rm /usr/ucb/rdist
>
> -Barry Shein
That too, but without root permission it is not NEARLY as dangerous.
The specific problem that rdist has in the default implementation is that
anyone can type "rdist -Server" and then change the permissions of any file
on the system by passing down a command to the server -- which is running
with root privileges!
--
--
Karl Denninger (karl@MCS.COM) | MCSNet - Full Internet Connectivity (shell,
Modem: [+1 312 248-0900] | PPP, SLIP and more) in Chicago and 'burbs.
Voice/FAX: [+1 312 248-8649] | Email "info@mcs.com". MCSNet is a CIX member.
