Bugtraq mailing list archives

Re: Re[2]: snooper watchers

From: karl () bagpuss demon co uk (Karl Strickland)
Date: Fri, 3 Mar 1995 21:21:40 +0000 (GMT)

Yep hacking suser()'s idea of root's uid is an example of a trivial
modification, thats trivial to do.  What the other guy was on about - loading
new (non-loadable, obviously) modules into a running kernel is distinctly
non-trivial in comparison; hence my point that it depends on the mods you're
making.  Thats whay Im interested to hear the two ways.


Hacking the system to have another idea of what a suser() is is easy enough.
What is not easy is finding all the userland programs that depend on
a particular definition of what is and what isnt a super user.  For example
if you changed superuser to uid 31337 then all of the sudden sendmail
and nfs bugs let you become root without going through another account
first.


yes but with respect, suser() isnt really the point is it.
-- 
------------------------------------------+-----------------------------------
Mailed using ELM on FreeBSD               |                    Karl Strickland
PGP 2.3a Public Key Available.            | Internet: karl () bagpuss demon co uk
                                          |

Current thread:

Re: Re[2]: snooper watchers fast forward futurama (Mar 01)
- Re: Re[2]: snooper watchers System Administrator (Mar 02)
- Large security hole in SGI IRIX 5.2 Larry Glaze (Mar 02)
  - Re: Large security hole in SGI IRIX 5.2 Christian A. Ratliff (Mar 03)
    - Re: Large security hole in SGI IRIX 5.2 Larry Glaze (Mar 03)
    - Re: Large security hole in SGI IRIX 5.2 Dave Schweisguth (Mar 03)
    - Re: Large security hole in SGI IRIX 5.2 Dave Schweisguth (Mar 03)
    - Re: Large security hole in SGI IRIX 5.2 Software Test Account (Mar 07)
    - Re: Large security hole in SGI IRIX 5.2 Steve Robbins (Mar 10)
- <Possible follow-ups>
- Re: Re[2]: snooper watchers F. L. Charles Seeger III (Mar 01)
- Re: snooper watchers der Mouse (Mar 01)

(Thread continues...)