brad@bradley.UUCP (02/03/88)
We all know that the unixpc as security holes. Well I know 2 easy ways of becoming root. This is not acceptable here in a university environment. To fix I have 2 patches to fix this. Let me know if you want them (enough people send mail I will post the fix/programs). Bradley Smith UUCP: {cepu,ihnp4,noao,uiucdcs}!bradley!brad Text Processing ARPA: cepu!bradley!brad@seas.ucla.edu Bradley University PH: (309) 677-2337 Peoria, IL 61625 You never get a second chance to make a first impression.
brad@bradley.UUCP (02/07/88)
Well I will be posting them. What I will post are couple of things. 1. a uuecoded copy of an install diskette. 2. source to some of the programs on the install diskette The other bug in mail is fixable by a third diskette (which includes elm on it), or by doing this: A. move /bin/mail /bin/nmail B. put the following program in as /bin/mail have fun..... # 1 and #2 will posted sometime this weekend. I will be in dallas all next week. see you all there! Bradley Smith UUCP: {cepu,ihnp4,noao,uiucdcs}!bradley!brad Text Processing ARPA: cepu!bradley!brad@seas.ucla.edu Bradley University PH: (309) 677-2337 Peoria, IL 61625 You never get a second chance to make a first impression. ============cut here for new /bin/mail /* /bin/mail */ #include <signal.h> #include <stdio.h> #include <sys/types.h> #include <sys/stat.h> #include <utmp.h> #include <pwd.h> main(argc, argv) char **argv; { extern char *getenv(); char *cp; struct stat st; extern char *cuserid(); char mailfile[256]; struct utmp *utmp, *getutline(), ut; struct passwd *pwd, *getpwnam(); char lname[9], *cwd, *getcwd(); extern char *ttyname(); if (!strncmp(ttyname(1), "/dev/w", 6)) { strcpy(ut.ut_line, "w1"); utmp = getutline(&ut); if (utmp == NULL) { fprintf(stderr, "No-one logged in to /dev/w1\r\n"); exit(1); } strncpy(lname, utmp->ut_user, 8); lname[8] = 0; /* just in case it is == 8 */ pwd = getpwnam(lname); if (pwd == NULL) { fprintf(stderr, "%s logged in but not is /etc/passwd\r\n", lname); exit(2); } cwd = getcwd((char *) NULL, 512); if ((cwd == NULL) || (strcmp(cwd, "/etc") == 0)) chdir(pwd->pw_dir); setuid(pwd->pw_uid); setgid(pwd->pw_gid); endpwent(); /* close files */ endutent(); } strcpy(mailfile, "/usr/mail/"); if ((argc == 2) && !strcmp("-e", argv[1])) { /* mail -e */ strcat(mailfile, cuserid(NULL)); if (stat(mailfile, &st) == 0) { if (st.st_size > 0L) exit(0); } exit(1); } if (isatty(0) == 0) { signal(SIGHUP, SIG_IGN); signal(SIGINT, SIG_IGN); signal(SIGQUIT, SIG_IGN); } execv("/bin/nmail", argv); perror(argv[0]); }
gvogel@wsccs.UUCP (George Vogel) (02/11/88)
In article <9300053@bradley>, brad@bradley.UUCP writes: > > We all know that the unixpc as security holes. Well I know 2 easy > ways of becoming root. This is not acceptable here in a university > environment. To fix I have 2 patches to fix this. Let me know if > you want them (enough people send mail I will post the fix/programs). > We are currently using our 7300's to collect dust, but plan to incorporate them into our english department (electronic mail, etc). Although I have yet to discover security problems, the fixes would be very benificial. Count me in.