WARNING: SCO-Xenix game "hack", setuid root

Oliver Boehmer oli at odbffm.incom.de
Thu Apr 18 05:28:50 AEST 1991


Hi!
When I recently went through the setuid-files on my system, I found that
/usr/games/lib/hackdir/hack (the actual nethack-program) is setuid-root.
This version is part of SCO-XENIX Games and was installed with these
permissions by the SCO-Utility custom.
HACK	x4511	root/root	1	./usr/games/lib/hackdir/hack	01
Hack allows shell escapes and I don't have to say what this means.

If it weren't so serious, I'd laugh about this. But isn't it the right
filename for something like that?

Anyway, it's about time you go through your setuid-files
	find / \( -perm -4000 -o -perm -6000 \) -print

oli
-- 
Oliver Boehmer, Frankfurt, Germany           oli at odbffm.incom.de
+49-69-331461 (voice) +49-60-308265 (1200/2400)
If God is perfect, why did He create discontinuous functions?
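
An added example, not part of the original post: the setuid sweep suggested above, extended to cover setgid files as well and to compare the result against a reviewed baseline, so that an unexpected entry such as a game binary stands out. The function names, the baseline file and the constructed demo tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit setuid/setgid files
# against a reviewed baseline. Paths containing newlines are not handled.
LC_ALL=C; export LC_ALL   # comm(1) needs both inputs in the same sort order

# list_suid ROOT: regular files under ROOT with the setuid (4000) or
# setgid (2000) bit set, sorted, one per line. -xdev stays on one filesystem.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# new_suid ROOT BASELINE: files that are setuid/setgid now but absent from
# BASELINE (a file listing the reviewed, expected paths, one per line).
new_suid() {
    cur=$(mktemp) || return 2
    base=$(mktemp) || { rm -f "$cur"; return 2; }
    list_suid "$1" > "$cur"
    sort "$2" > "$base"
    comm -23 "$cur" "$base"      # lines only in the current listing
    rm -f "$cur" "$base"
}

# demo: constructed tree with one expected setuid file and one unexpected one.
# Prints the unexpected path relative to the temporary root.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/bin" "$d/games/lib/hackdir"
    : > "$d/bin/passwd";             chmod 4755 "$d/bin/passwd"
    : > "$d/games/lib/hackdir/hack"; chmod 4755 "$d/games/lib/hackdir/hack"
    : > "$d/bin/ls";                 chmod 0755 "$d/bin/ls"
    echo "$d/bin/passwd" > "$d/baseline"
    new_suid "$d" "$d/baseline" | sed "s|^$d||"
    rm -rf "$d"
}

# Stand-alone use: script ROOT BASELINE
if [ $# -eq 2 ]; then
    new_suid "$1" "$2"
fi
```

Run from cron with the baseline kept on read-only media, any output is a file that gained a privileged bit since the last review.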



More information about the Comp.unix.admin mailing list