kimery@wdl1.UUCP (04/10/87)
Bug is as follows:

log in as a normal user. su to root. horse around for a while. try to
logout. surprise! you drop back to the normal user, then you attempt
to logout. You then become root again! Not quite what you had in mind.

Sam Kimery
kimery@ford-wdl1
sun!wdl1!kimery
Merry Feast of the Pig!
madd@bucsb.bu.edu.UUCP (04/13/87)
In article <5650004@wdl1.UUCP> kimery@wdl1.UUCP (Sam Kimery) writes:
>Bug is as follows:
>
>log in as a normal user. su to root. horse around for a while. try to
>logout. surprise! you drop back to the normal user, then you attempt
>to logout. You then become root again! Not quite what you had in mind.

what? this is exactly what i would expect. i just logged onto the AT&T
2B2 computer here and:

    Console login: root
    Passwd: wouldntyouliketoknow
    [motd stuff deleted]
    # su madd        <- this is my normal name
    $ su root
    Passwd: wouldntyouliketoknow
    # [do stuff]
    # ^D
    $ ^D
    # ^D
    Console login:

i do believe that the AT&T-supplied sysV unix su operates correctly.

> Sam Kimery

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Jim Frost * The Madd Hacker |  UUCP: ..!harvard!bu-cs!bucsb!madd
  H H                       |  ARPA: madd@bucsb.bu.edu
H-C-C-OH <- heehee          +---------+----------------------------------
  H H                       |  "We are strangers in a world we never made"
stuart@bms-at.UUCP (04/14/87)
In article <5650004@wdl1.UUCP>, kimery@wdl1.UUCP (Sam Kimery) writes:
> log in as a normal user. su to root. horse around for a while. try to
> logout. surprise! you drop back to the normal user, then you attempt
> to logout. You then become root again! Not quite what you had in mind.

The init program tries to find login on /usr/bin. If there is
no /usr/bin/login, init creates a super user shell. While "horsing
around", you probably unmounted /usr. (Or mounted the wrong filesystem
on it.)

This is a serious security flaw as long as /etc/umount is unprotected
as it is in minix and /usr/bin is not on the root filesystem. But then,
how secure can it be anyway when you can change floppies?
--
Stuart D. Gathman <..!seismo!dgis!bms-at!stuart>
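
The fallback described in the last post, as an added example that is not part of the thread and is not Minix init source: a simplified C model of the decision init makes when login is missing, with the fail-open behaviour beside a fail-closed alternative and a check for login living off the root filesystem. The function names, the action values and the sample path are assumptions made for illustration.

```c
/* Added example: simplified model of the decision, not Minix init source. */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum action { RUN_LOGIN, ROOT_SHELL, REFUSE_AND_RETRY };

/* Audit findings (hypothetical names). */
#define LOGIN_MISSING     0x1  /* no executable regular file at the path */
#define LOGIN_OFF_ROOT_FS 0x2  /* present, but not on root's filesystem */

/* Report why a login path is fragile. root_dir is normally "/". */
int audit_login(const char *login_path, const char *root_dir)
{
    struct stat lg, rt;

    if (stat(login_path, &lg) != 0 || !S_ISREG(lg.st_mode) ||
        access(login_path, X_OK) != 0)
        return LOGIN_MISSING;
    if (stat(root_dir, &rt) == 0 && lg.st_dev != rt.st_dev)
        return LOGIN_OFF_ROOT_FS;  /* vanishes if that filesystem is unmounted */
    return 0;
}

/* Fail-open, as the post describes: a missing login yields a root shell. */
enum action choose_fail_open(const char *login_path)
{
    return (audit_login(login_path, "/") & LOGIN_MISSING) ? ROOT_SHELL : RUN_LOGIN;
}

/* Fail-closed: a missing login never grants a shell; the terminal is retried. */
enum action choose_fail_closed(const char *login_path)
{
    return (audit_login(login_path, "/") & LOGIN_MISSING) ? REFUSE_AND_RETRY
                                                          : RUN_LOGIN;
}

int main(void)
{
    /* Constructed path standing in for /usr/bin/login after /usr is unmounted. */
    const char *gone = "/nonexistent-usr/bin/login";

    printf("fail-open:   %d\n", choose_fail_open(gone));
    printf("fail-closed: %d\n", choose_fail_closed(gone));
    return 0;
}
```

A result of LOGIN_OFF_ROOT_FS from audit_login() marks the configuration the post warns about: login works now, but only while the other filesystem stays mounted.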