-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mon, 31 Jan 2000, Simple Nomad wrote:
> Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
> "standard in must be a tty..." therefore the sploit would stop on the
> first word in the list as if it was the correct password. Therefore I fail
> to see the exact sploit here. I tried this on a stock RH 6.1 machine.
>
> - Simple Nomad - No rest for the Wicca'd -
> - thegnome_at_nmrc.org - www.nmrc.org -
> - thegnome_at_razor.bindview.com - www.bindview.com -
You could create a more complicated exploit using ptty's. Basically su
checks if standard input is a tty because they don't want you using 'su'
in shell scripts. But you can still do it, it's just not as easy.
I'd contribute example code but I just woke up. :b
Ian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE4lzlmfn9ub9ZE1xoRAvR4AKChxizjFxxUXwfzYWLSi0dU5TbPQwCfdkv6
VdKx0CkPQlnicXgsJDC+B3M=
=QjkA
-----END PGP SIGNATURE-----
Received on Feb 02 2000
Intro
